BUG/MINOR: hpack: return a compression error on invalid table size updates

RFC7541#6.3 mandates that an error is reported when a dynamic table size
update announces a size larger than the one configured with settings. This
is tested by h2spec using test "hpack/6.3/1".

This must be backported to 1.9 and possibly 1.8 as well.

diff --git a/include/common/hpack-tbl.h b/include/common/hpack-tbl.h
index 385f3860bbb27a8f45b9d30b56d44b3fca93ff33..2cbc2bf6cd67df562102393df5fb50f7801d6c85 100644 (file)
--- a/include/common/hpack-tbl.h
+++ b/include/common/hpack-tbl.h
@@ -127,6 +127,7 @@ enum {
        HPACK_ERR_MISSING_AUTHORITY,  /* :authority is missing with CONNECT */
        HPACK_ERR_SCHEME_NOT_ALLOWED, /* :scheme not allowed with CONNECT */
        HPACK_ERR_PATH_NOT_ALLOWED,   /* :path not allowed with CONNECT */
+       HPACK_ERR_INVALID_ARGUMENT,   /* an invalid argument was passed */
 };
 
 /* static header table as in RFC7541 Appendix A. [0] unused. */

diff --git a/src/hpack-dec.c b/src/hpack-dec.c
index 148a9a21571629b07f4780161f79c67d5c512a10..e179f29d58f71ebd6e1729d63a96f30b20825676 100644 (file)
--- a/src/hpack-dec.c
+++ b/src/hpack-dec.c
@@ -232,6 +232,12 @@ int hpack_decode_frame(struct hpack_dht *dht, const uint8_t *raw, uint32_t len,
                                goto leave;
                        }
                        hpack_debug_printf(" new len=%u\n", idx);
+
+                       if (idx > dht->size) {
+                               hpack_debug_printf("##ERR@%d##\n", __LINE__);
+                               ret = -HPACK_ERR_INVALID_ARGUMENT;
+                               goto leave;
+                       }
                        continue;
                }
                else if (!(*raw & (*raw - 0x10))) {