diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2022-05-26 16:17:56 +0400 |
|---|---|---|
| committer | Roman Arutyunyan <arut@nginx.com> | 2022-05-26 16:17:56 +0400 |
| commit | 7123ff29167b3c51643438c33c4f9a9a39dd22a6 (patch) | |
| tree | 4086da05c3ab7479a00de68ff03adbf389136173 /src/http/v3/ngx_http_v3_parse.c | |
| parent | 9d81ef744cdaacf1e52bcaec4224d375af5ba59b (diff) | |
| download | nginx-7123ff29167b3c51643438c33c4f9a9a39dd22a6.tar.gz nginx-7123ff29167b3c51643438c33c4f9a9a39dd22a6.zip | |
HTTP/3: require that field section base index is not negative.
RFC 9204 explicitly requires that.
Diffstat (limited to 'src/http/v3/ngx_http_v3_parse.c')
| -rw-r--r-- | src/http/v3/ngx_http_v3_parse.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c index cd70bd3bf..7dc53493c 100644 --- a/src/http/v3/ngx_http_v3_parse.c +++ b/src/http/v3/ngx_http_v3_parse.c @@ -474,7 +474,13 @@ done: } if (st->sign) { + if (st->insert_count <= st->delta_base) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent negative base"); + return NGX_HTTP_V3_ERR_DECOMPRESSION_FAILED; + } + st->base = st->insert_count - st->delta_base - 1; + } else { st->base = st->insert_count + st->delta_base; } |