[core] stricter check of HTTP/2 GOAWAY frame size

author: Glenn Strauss <gstrauss@gluelogic.com> 2022-04-10 17:23:03 -0400
committer: Glenn Strauss <gstrauss@gluelogic.com> 2022-04-10 17:23:03 -0400
commit: 3795c6740c6348a37a41199ff6259389cf208bee (patch)
tree: c9d1a8dfce2c0364f13461bdbdf57edba378b698 /src/h2.c
parent: 0f3075b8851e1fef32af9d6939e836a29b55e469 (diff)
download: lighttpd-git-3795c6740c6348a37a41199ff6259389cf208bee.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/h2.c b/src/h2.c
index f400dc90..f8ea9489 100644
--- a/src/h2.c
+++ b/src/h2.c
@@ -459,7 +459,10 @@ h2_recv_goaway (connection * const con, const uint8_t * const s, uint32_t len)
 {
     /*(s must be entire GOAWAY frame and len the frame length field)*/
     /*assert(s[3] == H2_FTYPE_GOAWAY);*/
-    UNUSED(len);
+    if (len < 8) {          /*(GOAWAY frame length must be >= 8)*/
+        h2_send_goaway_e(con, H2_E_FRAME_SIZE_ERROR);
+        return 0;
+    }
     if (0 != h2_u31(s+5)) { /*(GOAWAY stream id must be 0)*/
         h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR);
         return 0;
author	Glenn Strauss <gstrauss@gluelogic.com>	2022-04-10 17:23:03 -0400
committer	Glenn Strauss <gstrauss@gluelogic.com>	2022-04-10 17:23:03 -0400
commit	3795c6740c6348a37a41199ff6259389cf208bee (patch)
tree	c9d1a8dfce2c0364f13461bdbdf57edba378b698 /src/h2.c
parent	0f3075b8851e1fef32af9d6939e836a29b55e469 (diff)
download	lighttpd-git-3795c6740c6348a37a41199ff6259389cf208bee.tar.gz