summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimur Pocheptsov <timur.pocheptsov@theqtcompany.com>2016-07-25 17:41:00 +0200
committerTimur Pocheptsov <timur.pocheptsov@theqtcompany.com>2016-07-25 18:33:08 +0000
commitc0aaef30b176f1be7f11bd3a7c1c7aff34491df7 (patch)
treec80fc57c129301cd0493a2f22e0ab40bffb89469
parenta594f85d542377d604f8287e7e7bec8fa9896265 (diff)
HTTP/2 - fix 'GOAWAY' frame size validation
Found while implementing cleartext http2 (and sending some erroneous frames) - GOAWAY can have some 'opaque debug information payload' so the frame's size is at least 8 bytes, but can be more. Change-Id: I90fb8a3df22768673c4f40ba3bf6a3f5ffe33058 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
-rw-r--r--src/network/access/http2/http2frames.cpp8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/network/access/http2/http2frames.cpp b/src/network/access/http2/http2frames.cpp
index 471fb2c7fb..55e9f93b19 100644
--- a/src/network/access/http2/http2frames.cpp
+++ b/src/network/access/http2/http2frames.cpp
@@ -73,11 +73,15 @@ FrameStatus validate_frame_header(FrameType type, FrameFlags flags, quint32 payl
return FrameStatus::sizeError;
break;
case FrameType::PING:
- case FrameType::GOAWAY:
- // 6.7 PING, 6.8 GOAWAY
+ // 6.7 PING
if (payloadSize != 8)
return FrameStatus::sizeError;
break;
+ case FrameType::GOAWAY:
+ // 6.8 GOAWAY
+ if (payloadSize < 8)
+ return FrameStatus::sizeError;
+ break;
case FrameType::RST_STREAM:
case FrameType::WINDOW_UPDATE:
// 6.4 RST_STREAM, 6.9 WINDOW_UPDATE