Welcome! Log In Create A New Profile

Re: [PATCH] HTTP/3: require that field section base index is not negative

Forum List Message List New Topic Print View

Sergey Kandaurov

May 26, 2022 09:06AM

> On 26 May 2022, at 15:45, Roman Arutyunyan <arut@nginx.com> wrote:
>
> # HG changeset patch
> # User Roman Arutyunyan <arut@nginx.com>
> # Date 1653564901 -14400
> # Thu May 26 15:35:01 2022 +0400
> # Branch quic
> # Node ID 9feb0196a87189b573757cc00a15ff0acf4d5f8c
> # Parent c2f5d79cde64457f1fa7344c56a5248a677a7e46
> HTTP/3: require that field section base index is not negative.
>
> RFC 9204 explicitly requires that.
>
> diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c
> --- a/src/http/v3/ngx_http_v3_parse.c
> +++ b/src/http/v3/ngx_http_v3_parse.c
> @@ -474,7 +474,12 @@ done:
> }
>
> if (st->sign) {
> + if (st->insert_count <= st->delta_base) {
> + return NGX_HTTP_V3_ERR_DECOMPRESSION_FAILED;
> + }
> +
> st->base = st->insert_count - st->delta_base - 1;
> +
> } else {
> st->base = st->insert_count + st->delta_base;
> }
>

I'd put something in logs to emphasize bad Base.
Otherwise looks good.

--
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] HTTP/3: require that field section base index is not negative	Roman Arutyunyan	278	May 26, 2022 07:48AM
Re: [PATCH] HTTP/3: require that field section base index is not negative	Sergey Kandaurov	107	May 26, 2022 09:06AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 158

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018