It may happen that the data in `emptyframe.http2` reaches the client
even before the client has started sending the request, causing an
`ERR_HTTP2_STREAM_ERROR` instead. Fix this by making sure the frame is
not sent until some data reaches the server.
PR-URL: https://github.com/nodejs/node/pull/45212
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/39607
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Use the existing mechanism that we have to keep track of invalid frames
for treating this specific kind of invalid frame.
The commit that originally introduced this check was 695e38be69,
which was supposed to proected against CVE-2019-9518, which in turn
was specifically about a *flood* of empty data frames. While these are
still invalid frames either way, it makes sense to be forgiving here
and just treat them like other invalid frames, i.e. to allow a small
(configurable) number of them.
Fixes: https://github.com/nodejs/node/issues/37849
PR-URL: https://github.com/nodejs/node/pull/37875
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
