HTTP/3: reject empty DATA and HEADERS frames on control stream.

Previously only non-empty frames were rejected.

1 files changed, 4 insertions, 5 deletions

diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c
index 18255a677..3d0b09197 100644
--- a/src/http/v3/ngx_http_v3_parse.c
+++ b/src/http/v3/ngx_http_v3_parse.c
@@ -1026,7 +1026,10 @@ ngx_http_v3_parse_control(ngx_connection_t *c, void *data, u_char ch)
         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
                        "http3 parse frame type:%ui", st->type);
 
-        if (ngx_http_v3_is_v2_frame(st->type)) {
+        if (ngx_http_v3_is_v2_frame(st->type)
+            || st->type == NGX_HTTP_V3_FRAME_DATA
+            || st->type == NGX_HTTP_V3_FRAME_HEADERS)
+        {
             return NGX_HTTP_V3_ERR_FRAME_UNEXPECTED;
         }
 
@@ -1069,10 +1072,6 @@ ngx_http_v3_parse_control(ngx_connection_t *c, void *data, u_char ch)
             st->state = sw_max_push_id;
             break;
 
-        case NGX_HTTP_V3_FRAME_DATA:
-        case NGX_HTTP_V3_FRAME_HEADERS:
-            return NGX_HTTP_V3_ERR_FRAME_UNEXPECTED;
-
         default:
             ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0,
                            "http3 parse skip unknown frame");