BUG/MINOR: hpack: dynamic table size updates are only allowed before headers

h2spec reports that we used to support a dynamic table size update
anywhere in the header block but it's only allowed before other
headers (cf RFC7541#4.2.1). In practice we don't use these for now
since we only use literals in responses.

To backport to 1.8.

diff --git a/src/hpack-dec.c b/src/hpack-dec.c
index 0515d011be3fd4691a89d214e5e4c0de1cb14025..454f55cb7349996d4944d3327c435a198ded09bb 100644 (file)
--- a/src/hpack-dec.c
+++ b/src/hpack-dec.c
@@ -202,6 +202,12 @@ int hpack_decode_frame(struct hpack_dht *dht, const uint8_t *raw, uint32_t len,
                }
                else if (*raw >= 0x20 && *raw <= 0x3f) {
                        /* max dyn table size change */
+                       if (ret) {
+                               /* 7541#4.2.1 : DHT size update must only be at the beginning */
+                               ret = -HPACK_ERR_TOO_LARGE;
+                               goto leave;
+                       }
+
                        idx = get_var_int(&raw, &len, 5);
                        if (len == (uint32_t)-1) { // truncated
                                ret = -HPACK_ERR_TRUNCATED;