From: Yorgos Thessalonikefs
Date: Fri, 29 Aug 2025 13:35:32 +0000 (+0200)
Subject: - Limit the number of consecutive reads on an HTTP/2 session.
X-Git-Tag: release-1.24.0rc1~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=44da5eee667df28af404ab2d64aa15f04cd35fd2;p=thirdparty%2Funbound.git
- Limit the number of consecutive reads on an HTTP/2 session. Thanks to Gal Bar Nahum for exposing the possibility of infinite reads on the session.
---
diff --git a/doc/Changelog b/doc/Changelog
index dc0c0d0be..214e69484 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+29 August 2025: Yorgos
+ - Limit the number of consecutive reads on an HTTP/2 session.
+ Thanks to Gal Bar Nahum for exposing the possibility of infinite
+ reads on the session.
+
 28 August 2025: Wouter
 - Fix setup_listen_sslctx warning for nettle compile.
diff --git a/util/netevent.c b/util/netevent.c
index 7a015e08e..aedcb5e07 100644
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -5161,6 +5161,15 @@ ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf,
 log_assert(h2_session->c->type == comm_http);
 log_assert(h2_session->c->h2_session);
+ if(++h2_session->reads_count > h2_session->c->http2_max_streams) { /* We are somewhat arbitrarily capping the amount of * consecutive reads on the HTTP2 session to the number of max * allowed streams. * When we reach the cap, error out with NGHTTP2_ERR_WOULDBLOCK * to signal nghttp2_session_recv() to stop reading for now. */ h2_session->reads_count = 0; return NGHTTP2_ERR_WOULDBLOCK; }
 #ifdef HAVE_SSL
 if(h2_session->c->ssl) {
diff --git a/util/netevent.h b/util/netevent.h
index f0f336e43..c5114bbbe 100644
--- a/util/netevent.h
+++ b/util/netevent.h
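Review bot: The counter in the new `if(++h2_session->reads_count > h2_session->c->http2_max_streams)` check is reset only when the cap trips, so reads from events that stop early (socket drained, WOULDBLOCK from the transport) accumulate across separate nghttp2_session_recv() invocations, and a later event can be cut short after very few reads; the cap therefore bounds cumulative rather than "consecutive" reads as the comment states, which is harmless for the DoS bound but not what the comment promises. If per-invocation fairness is the intent, setting `h2_session->reads_count = 0;` immediately before each nghttp2_session_recv() call (outside this hunk) would make the comment accurate. The comparison also degenerates if `http2_max_streams` can be configured as 0, which this diff does not rule out: every callback would then return NGHTTP2_ERR_WOULDBLOCK before reading a byte and the session could never make progress, so clamping the cap to at least one read is worth considering. The remainder of http2_recv_cb, including the SSL and plain read paths, lies outside the hunk.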
@@ -939,6 +939,8 @@ struct http2_session {
 /** comm point containing buffer used to build answer in worker or
 * module */
 struct comm_point* c;
+ /** count the number of consecutive reads on the session */
+ uint32_t reads_count;
 /** session is instructed to get dropped (comm port will be closed) */
 int is_drop;
 /** postpone dropping the session, can be used to prevent dropping
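Review bot: The new `reads_count` field says what it counts but not who resets it or that it must start at zero; this diff shows no initializer, so correctness relies on `struct http2_session` being zero-allocated where it is created, which is not visible here and worth confirming. A fuller comment would read `/** number of consecutive http2_recv_cb() reads on this session; reset to 0 by http2_recv_cb() once it exceeds c->http2_max_streams */`. The enclosing `struct http2_session` definition begins before and ends after this hunk.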