diff options
author | Timur Pocheptsov <timur.pocheptsov@theqtcompany.com> | 2016-07-25 17:41:00 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@theqtcompany.com> | 2016-07-25 18:33:08 +0000 |
commit | c0aaef30b176f1be7f11bd3a7c1c7aff34491df7 (patch) | |
tree | c80fc57c129301cd0493a2f22e0ab40bffb89469 /src/network/access/http2/http2frames.cpp | |
parent | a594f85d542377d604f8287e7e7bec8fa9896265 (diff) |
HTTP/2 - fix 'GOAWAY' frame size validation
Found while implementing cleartext http2 (and sending some erroneous
frames) - GOAWAY can have some 'opaque debug information payload' so the
frame's size is at least 8 bytes, but can be more.
Change-Id: I90fb8a3df22768673c4f40ba3bf6a3f5ffe33058
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/network/access/http2/http2frames.cpp')
-rw-r--r-- | src/network/access/http2/http2frames.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/network/access/http2/http2frames.cpp b/src/network/access/http2/http2frames.cpp index 471fb2c7fb..55e9f93b19 100644 --- a/src/network/access/http2/http2frames.cpp +++ b/src/network/access/http2/http2frames.cpp @@ -73,11 +73,15 @@ FrameStatus validate_frame_header(FrameType type, FrameFlags flags, quint32 payl return FrameStatus::sizeError; break; case FrameType::PING: - case FrameType::GOAWAY: - // 6.7 PING, 6.8 GOAWAY + // 6.7 PING if (payloadSize != 8) return FrameStatus::sizeError; break; + case FrameType::GOAWAY: + // 6.8 GOAWAY + if (payloadSize < 8) + return FrameStatus::sizeError; + break; case FrameType::RST_STREAM: case FrameType::WINDOW_UPDATE: // 6.4 RST_STREAM, 6.9 WINDOW_UPDATE |