Mercurial > hg > nginx
changeset 8550:234e9d89ff7f quic
HTTP/3: reject HTTP/2 frames.
As per HTTP/3 draft 30, section 7.2.8:
Frame types that were used in HTTP/2 where there is no corresponding
HTTP/3 frame have also been reserved (Section 11.2.1). These frame
types MUST NOT be sent, and their receipt MUST be treated as a
connection error of type H3_FRAME_UNEXPECTED.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Wed, 16 Sep 2020 12:27:23 +0100 |
| parents | d70a38acaea0 |
| children | 5a794d2452ef |
| files | src/http/v3/ngx_http_v3_parse.c |
| diffstat | 1 files changed, 17 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/v3/ngx_http_v3_parse.c +++ b/src/http/v3/ngx_http_v3_parse.c @@ -10,6 +10,10 @@ #include <ngx_http.h> +#define ngx_http_v3_is_v2_frame(type) \ + ((type) == 0x02 || (type) == 0x06 || (type) == 0x08 || (type) == 0x09) + + static ngx_int_t ngx_http_v3_parse_lookup(ngx_connection_t *c, ngx_uint_t dynamic, ngx_uint_t index, ngx_str_t *name, ngx_str_t *value); @@ -182,6 +186,11 @@ ngx_http_v3_parse_headers(ngx_connection } st->type = st->vlint.value; + + if (ngx_http_v3_is_v2_frame(st->type)) { + return NGX_HTTP_V3_ERR_FRAME_UNEXPECTED; + } + st->state = sw_length; break; @@ -986,6 +995,10 @@ ngx_http_v3_parse_control(ngx_connection ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "http3 parse frame type:%ui", st->type); + if (ngx_http_v3_is_v2_frame(st->type)) { + return NGX_HTTP_V3_ERR_FRAME_UNEXPECTED; + } + if (st->state == sw_first_type && st->type != NGX_HTTP_V3_FRAME_SETTINGS) { @@ -1581,6 +1594,10 @@ ngx_http_v3_parse_data(ngx_connection_t goto done; } + if (ngx_http_v3_is_v2_frame(st->type)) { + return NGX_HTTP_V3_ERR_FRAME_UNEXPECTED; + } + st->state = sw_length; break;