This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 56c256a 65340: Fix NegativeArraySizeException exception in hpack decoder 56c256a is described below commit 56c256a5969489ef6731f0f1c1726f8c2184c44b Author: remm <r...@apache.org> AuthorDate: Thu Jun 3 10:53:21 2021 +0200 65340: Fix NegativeArraySizeException exception in hpack decoder Submitted by Thomas. --- java/org/apache/coyote/http2/HpackDecoder.java | 2 +- webapps/docs/changelog.xml | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/coyote/http2/HpackDecoder.java b/java/org/apache/coyote/http2/HpackDecoder.java
index 517dc0b..02802ad 100644
--- a/java/org/apache/coyote/http2/HpackDecoder.java
+++ b/java/org/apache/coyote/http2/HpackDecoder.java
@@ -213,7 +213,7 @@ public class HpackDecoder {
 byte data = buffer.get(buffer.position());
 int length = Hpack.decodeInteger(buffer, 7);
- if (buffer.remaining() < length) {
+ if (buffer.remaining() < length || length == -1) {
 return null;
 }
 boolean huffman = (data & 0b10000000) != 0;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f26eaf9..b2074d0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -181,6 +181,13 @@
 <fix>
 Optimize NIO selector handling for Java 11. (remm)
 </fix>
+ <fix>
+ <bug>65340</bug>: Add missing check for a negative return value for
+ <code>Hpack.decodeInteger</code> in the <code>HpackDecoder</code>,
+ which could cause a <code>NegativeArraySizeException</code> exception.
+ Submitted by Thomas, and verified the fix is present in the donated
+ hpack code in a further update. (remm)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Jasper">
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
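Review bot: The added guard in HpackDecoder.java tests only the sentinel `-1`, so any other negative `length` would still pass both comparisons and reach the code below; `if (length < 0 || buffer.remaining() < length) {` rejects the whole negative range. Whether `Hpack.decodeInteger` can return other negative values is not visible in this hunk, but `length` appears to be decoded from bytes the HTTP/2 peer supplies, so the broader check is cheap insurance. A comment such as `// -1: length prefix incomplete, wait for more data` would record why null is returned here (presumably the meaning of -1; confirm against decodeInteger). The diffstat lists no test file, so a regression test for the incomplete-length case would keep this from coming back. The enclosing method starts and ends outside the hunk.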