jiangcuo/node - node - Gitea: Git with a cup of tea

jiangcuo/node

Fork 0

mirror of https://github.com/nodejs/node.git synced 2025-05-07 09:52:26 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Anna Henningsen	9d07c0a20b	http2: add specific error code for custom frames As suggested in https://github.com/nodejs/node/issues/37849#issuecomment-805049586 improve the error presented when encountering a large number of invalid frames by giving this situation a specific error code (which we should have had from the beginning). PR-URL: https://github.com/nodejs/node/pull/37936 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>	2021-04-01 12:34:55 -07:00
Anna Henningsen	87aa3f1add	http2: treat non-EOF empty frames like other invalid frames Use the existing mechanism that we have to keep track of invalid frames for treating this specific kind of invalid frame. The commit that originally introduced this check was `695e38be69`, which was supposed to proected against CVE-2019-9518, which in turn was specifically about a flood of empty data frames. While these are still invalid frames either way, it makes sense to be forgiving here and just treat them like other invalid frames, i.e. to allow a small (configurable) number of them. Fixes: https://github.com/nodejs/node/issues/37849 PR-URL: https://github.com/nodejs/node/pull/37875 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>	2021-03-26 20:51:57 +01:00

Anna Henningsen

9d07c0a20b

http2: add specific error code for custom frames

As suggested in
https://github.com/nodejs/node/issues/37849#issuecomment-805049586
improve the error presented when encountering a large number of
invalid frames by giving this situation a specific error code (which we
should have had from the beginning).

PR-URL: https://github.com/nodejs/node/pull/37936
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>

2021-04-01 12:34:55 -07:00

Anna Henningsen

87aa3f1add

http2: treat non-EOF empty frames like other invalid frames

Use the existing mechanism that we have to keep track of invalid frames
for treating this specific kind of invalid frame.

The commit that originally introduced this check was 695e38be69,
which was supposed to proected against CVE-2019-9518, which in turn
was specifically about a *flood* of empty data frames. While these are
still invalid frames either way, it makes sense to be forgiving here
and just treat them like other invalid frames, i.e. to allow a small
(configurable) number of them.

Fixes: https://github.com/nodejs/node/issues/37849

PR-URL: https://github.com/nodejs/node/pull/37875
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

2021-03-26 20:51:57 +01:00

2 Commits