aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRoman Arutyunyan <arut@nginx.com>2021-05-05 13:28:05 +0300
committerRoman Arutyunyan <arut@nginx.com>2021-05-05 13:28:05 +0300
commitacc3ad0060d31609a359b3ace61bc4a0ebb780f5 (patch)
tree585ece3eee062eb2e2ca6e442681bf052ad1ff81 /src
parentf36ebdc3cd2cfd2041af8d7a3d7986a434d9c080 (diff)
downloadnginx-acc3ad0060d31609a359b3ace61bc4a0ebb780f5.tar.gz
nginx-acc3ad0060d31609a359b3ace61bc4a0ebb780f5.zip
HTTP/3: reject empty DATA and HEADERS frames on control stream.
Previously only non-empty frames were rejected.
Diffstat (limited to 'src')
-rw-r--r--src/http/v3/ngx_http_v3_parse.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c
index 18255a677..3d0b09197 100644
--- a/src/http/v3/ngx_http_v3_parse.c
+++ b/src/http/v3/ngx_http_v3_parse.c
@@ -1026,7 +1026,10 @@ ngx_http_v3_parse_control(ngx_connection_t *c, void *data, u_char ch)
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
"http3 parse frame type:%ui", st->type);
- if (ngx_http_v3_is_v2_frame(st->type)) {
+ if (ngx_http_v3_is_v2_frame(st->type)
+ || st->type == NGX_HTTP_V3_FRAME_DATA
+ || st->type == NGX_HTTP_V3_FRAME_HEADERS)
+ {
return NGX_HTTP_V3_ERR_FRAME_UNEXPECTED;
}
@@ -1069,10 +1072,6 @@ ngx_http_v3_parse_control(ngx_connection_t *c, void *data, u_char ch)
st->state = sw_max_push_id;
break;
- case NGX_HTTP_V3_FRAME_DATA:
- case NGX_HTTP_V3_FRAME_HEADERS:
- return NGX_HTTP_V3_ERR_FRAME_UNEXPECTED;
-
default:
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0,
"http3 parse skip unknown frame");
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 21:21:13 +0000