]> git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
projects / thirdparty / apache / httpd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4705dd4)
Merge r1916771 from trunk:
authorEric Covener <covener@apache.org>
Wed, 3 Apr 2024 11:59:18 +0000 (11:59 +0000)
committerEric Covener <covener@apache.org>
Wed, 3 Apr 2024 11:59:18 +0000 (11:59 +0000)
bail after too many failed reads

Submitted By: icing

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.55@1916774 13f79535-47bb-0310-9956-ffa450edef68

modules/http2/h2_session.c patch | blob | blame | history
modules/http2/h2_stream.c patch | blob | blame | history
modules/http2/h2_stream.h patch | blob | blame | history

diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c
index 7ba49cf8d5ee0eedfb91ead76c6b2bd9c63942ed..da8360633146d1c8e5e05a993305e0bbaf5de41d 100644 (file)
--- a/modules/http2/h2_session.c
+++ b/modules/http2/h2_session.c
@@ -319,9 +319,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame,
     
     status = h2_stream_add_header(stream, (const char *)name, namelen,
                                   (const char *)value, valuelen);
-    if (status != APR_SUCCESS
-        && (!stream->rtmp
-            || stream->rtmp->http_status == H2_HTTP_STATUS_UNSET)) {
+    if (status != APR_SUCCESS &&
+        (!stream->rtmp ||
+         stream->rtmp->http_status == H2_HTTP_STATUS_UNSET ||
+         /* We accept a certain amount of failures in order to reply
+          * with an informative HTTP error response like 413. But if the
+          * client is too wrong, we fail the request a RESET of the stream */
+         stream->request_headers_failed > 100)) {
         return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
     }
     return 0;
diff --git a/modules/http2/h2_stream.c b/modules/http2/h2_stream.c
index cf6f79897dda303cd6be170d62fd5f8e8b8d4779..0390967875c7812e40883c190db948a097272aa9 100644 (file)
--- a/modules/http2/h2_stream.c
+++ b/modules/http2/h2_stream.c
@@ -759,6 +759,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream,
     
 cleanup:
     if (error) {
+        ++stream->request_headers_failed;
         set_error_response(stream, error);
         return APR_EINVAL; 
     }
diff --git a/modules/http2/h2_stream.h b/modules/http2/h2_stream.h
index 695d56ac5e1cf0797ff16fc4c7000cb29b32dc07..de704a0e733c16710a7d26e140a53e5ed981a6c8 100644 (file)
--- a/modules/http2/h2_stream.h
+++ b/modules/http2/h2_stream.h
@@ -76,6 +76,7 @@ struct h2_stream {
     struct h2_request *rtmp;    /* request being assembled */
     apr_table_t *trailers_in;   /* optional, incoming trailers */
     int request_headers_added;  /* number of request headers added */
+    int request_headers_failed; /* number of request headers failed to add */
 
 #if AP_HAS_RESPONSE_BUCKETS
     ap_bucket_response *response; /* the final, non-interim response or NULL */
Mirror of https://github.com/apache/httpd.git