git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MINOR: qmux: reject too large initial record
author Amaury Denoyelle <adenoyelle@haproxy.com>
Wed, 27 May 2026 13:34:01 +0000 (15:34 +0200)
committer Amaury Denoyelle <adenoyelle@haproxy.com>
Wed, 27 May 2026 13:38:55 +0000 (15:38 +0200)
Initial max_record_size is set to 16382. If the first received record
size is larger, abort xprt_qmux layer immediately without having to wait
for the timeout.

No need to backport.

src/xprt_qmux.c

index e544f559a01146b229c3cd7b9035da9bbbe41d39..1fdbcd88bc9d5f8c6fe2cfe37f4fe96fbcf50cf9 100644 (file)
@@ -97,6 +97,10 @@ int conn_recv_qmux(struct connection *conn, struct xprt_qmux_ctx *ctx, int flag)
                ctx->rxrlen = rlen;
        }
 
+       /* TODO initial max_record_size is limited to 16382 */
+       if (ctx->rxrlen > b_size(buf))
+               goto fail;
+
        if (ctx->rxrlen > b_data(buf))
                goto not_ready;
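Review bot: the added check `if (ctx->rxrlen > b_size(buf))` bounds the record length by the receive buffer size, while the comment above it and the commit message both name 16382 as the initial max_record_size. If b_size(buf) can be anything other than 16382, the bound actually enforced on the first record is not the one documented. Consider comparing against a named constant for the initial limit, or have the comment state why the buffer size stands in for it. The "TODO" also does not say what remains to be done; spelling that out (for example, switching to the negotiated max_record_size once it is known) would help the next reader. The ordering itself is good: rejecting an oversized length before the `b_data(buf)` test keeps a peer-supplied rlen that can never fit from parking the connection in not_ready until the timeout.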