Author: markt Date: Thu Jun 18 19:50:29 2015 New Revision: 1686304 URL: http://svn.apache.org/r1686304 Log: Validate that the padding is not too long
Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java
Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java?rev=1686304&r1=1686303&r2=1686304&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java Thu Jun 18 19:50:29 2015
@@ -141,6 +141,13 @@ class Http2Parser {
 byte[] b = new byte[1];
 input.fill(true, b);
 padLength = b[0] & 0xFF;
+
+ if (padLength >= payloadSize) {
+ throw new ConnectionException(
+ sm.getString("http2Parser.processFrameData.tooMuchPadding", connectionId,
+ Integer.toString(streamId), Integer.toString(padLength),
+ Integer.toString(payloadSize)), Http2Error.PROTOCOL_ERROR);
+ }
 // +1 is for the padding length byte we just read above
 dataLength = payloadSize - (padLength + 1);
 } else {
Modified: tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties?rev=1686304&r1=1686303&r2=1686304&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties Thu Jun 18 19:50:29 2015
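Review bot: The new `padLength >= payloadSize` check runs only after `input.fill(true, b)` has already consumed the pad-length byte, so a padded DATA frame that declares a payload length of 0 causes a one-byte read beyond its own payload before it is rejected. Whether an earlier guard exists cannot be seen here, since the enclosing method starts and ends outside the hunk; if there is none, reject `payloadSize < 1` before the read so the parser never waits on, or consumes, a byte that belongs to the next frame. It would also help to record why the comparison is `>=` and not `>`, for example `// payloadSize still includes the pad-length byte, so equal values leave no room for it (RFC 7540, section 6.1)`.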
@@ -46,6 +46,7 @@ http2Parser.processFrame=Connection [{0}
 http2Parser.processFrame.unexpectedType=Expected frame type [{0}] but received frame type [{1}]
 http2Parser.processFrameContinuation.notExpected=Connection [{0}], Continuation frame received for stream [{1}] when no headers were in progress
 http2Parser.processFrameData.lengths=Connection [{0}], Stream [{1}], Data length, [{2}], Padding length [{3}]
+http2Parser.processFrameData.tooMuchPadding=Connection [{0}], Stream [{1}], The padding length [{2}] was too big for the payload [{3}]
 http2Parser.processFrameGoaway.payloadTooSmall=Connection [{0}]: Goaway payload size was [{1}] which is less than the minimum 8
 http2Parser.processFrameHeaders.decodingFailed=There was an error during the HPACK decoding of HTTP headers
 http2Parser.processFrameHeaders.decodingDataLeft=Data left over after HPACK decoding - it should have been consumed
Modified: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java?rev=1686304&r1=1686303&r2=1686304&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java (original)
+++ tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_1.java Thu Jun 18 19:50:29 2015
@@ -116,5 +116,32 @@ public class TestHttp2Section_6_1 extend Assert.assertTrue(trace, trace.startsWith("0-Goaway-[1]-[1]-[")); } + + @Test + public void testDataFrameTooMuchPadding() throws Exception { + http2Connect(); + + byte[] dataFrame = new byte[10]; + + // Header + // length + ByteUtil.setThreeBytes(dataFrame, 0, 1); + // type 0 (data) + // flags 8 (padded) + dataFrame[4] = 0x08; + // stream 3 + ByteUtil.set31Bits(dataFrame, 5, 3); + // payload (pad length of 1) + dataFrame[9] = 1; + + os.write(dataFrame); + os.flush(); + + parser.readFrame(true); + + String trace = output.getTrace(); + Assert.assertTrue(trace, trace.startsWith("0-Goaway-[1]-[1]-[")); + } + // TODO: Remainder if section 6.1 tests } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
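Review bot: `testDataFrameTooMuchPadding` only exercises the exact boundary, a payload length of 1 with a pad length of 1, so a later regression that loosens the parser's comparison or changes the `+ 1` adjustment on the accepted side would go unnoticed. A companion case using `ByteUtil.setThreeBytes(dataFrame, 0, 2);` with an 11-byte array (pad length 1, zero data bytes) would pin the largest padding that must still be accepted, and a case with a pad length larger than the payload would cover the rest of the rejected range. The assertion prefix `"0-Goaway-[1]-[1]-["` would also benefit from a comment such as `// Goaway fields: presumably last stream id 1 and error code 1 (PROTOCOL_ERROR)`, since the meaning of the two bracketed values is not visible in this hunk. The enclosing class starts outside the hunk.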