From 0d8d7b6311378e1b24ea582e5dceac98c5c48223 Mon Sep 17 00:00:00 2001 From: Luis Gustavo Beligante Date: Tue, 21 Mar 2023 14:20:07 -0300 Subject: Fix handling of bad length for RST_STREAM parsing --- src/cow_http2.erl | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/cow_http2.erl b/src/cow_http2.erl index 0d27e6b..2925e37 100644 --- a/src/cow_http2.erl +++ b/src/cow_http2.erl @@ -192,8 +192,8 @@ parse(<< 5:24, 2:8, _:9, StreamID:31, _:1, StreamID:31, _:8, Rest/bits >>) -> 'PRIORITY frames cannot make a stream depend on itself. (RFC7540 5.3.1)', Rest}; parse(<< 5:24, 2:8, _:9, StreamID:31, E:1, DepStreamID:31, Weight:8, Rest/bits >>) -> {ok, {priority, StreamID, parse_exclusive(E), DepStreamID, Weight + 1}, Rest}; -%% @todo figure out how to best deal with frame size errors; if we have everything fine -%% if not we might want to inform the caller how much he should expect so that it can +%% @todo Figure out how to best deal with non-fatal frame size errors; if we have everything +%% then OK if not we might want to inform the caller how much he should expect so that it can %% decide if it should just close the connection parse(<< BadLen:24, 2:8, _:9, StreamID:31, _:BadLen/binary, Rest/bits >>) -> {stream_error, StreamID, frame_size_error, 'PRIORITY frames MUST be 5 bytes wide. (RFC7540 6.3)', Rest}; @@ -204,8 +204,7 @@ parse(<< 4:24, 3:8, _:9, 0:31, _/bits >>) -> {connection_error, protocol_error, 'RST_STREAM frames MUST be associated with a stream. (RFC7540 6.4)'}; parse(<< 4:24, 3:8, _:9, StreamID:31, ErrorCode:32, Rest/bits >>) -> {ok, {rst_stream, StreamID, parse_error_code(ErrorCode)}, Rest}; -%% @todo same as priority -parse(<< _:24, 3:8, _:9, _:31, _/bits >>) -> +parse(<< BadLen:24, 3:8, _:9, _:31, _/bits >>) when BadLen =/= 4 -> {connection_error, frame_size_error, 'RST_STREAM frames MUST be 4 bytes wide. (RFC7540 6.4)'}; %% %% SETTINGS frames. -- cgit v1.2.3