[vlc-commits] http: handle invalid WINDOW_UPDATE increment value
Rémi Denis-Courmont
git at videolan.org
Sun Sep 22 20:11:20 CEST 2019
vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sun Sep 22 19:48:38 2019 +0300| [4ba88ad56594d7b30cd8926c5be5176030804574] | committer: Rémi Denis-Courmont
http: handle invalid WINDOW_UPDATE increment value
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4ba88ad56594d7b30cd8926c5be5176030804574
---
modules/access/http/h2frame.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/modules/access/http/h2frame.c b/modules/access/http/h2frame.c
index 2ece26ebcf..4a2b728a7f 100644
--- a/modules/access/http/h2frame.c
+++ b/modules/access/http/h2frame.c
@@ -854,16 +854,26 @@ static int vlc_h2_parse_frame_window_update(struct vlc_h2_parser *p,
struct vlc_h2_frame *f, size_t len,
uint_fast32_t id)
{
- free(f);
-
if (len != 4)
{
+ free(f);
+
if (id == 0)
return vlc_h2_parse_error(p, VLC_H2_FRAME_SIZE_ERROR);
return vlc_h2_stream_error(p, id, VLC_H2_FRAME_SIZE_ERROR);
}
- /* Nothing to do as we do not send data for the time being. */
+ uint_fast32_t credit = GetDWBE(vlc_h2_frame_payload(f)) & 0x7fffffffu;
+
+ free(f);
+
+ if (credit == 0)
+ {
+ if (id == 0)
+ return vlc_h2_parse_error(p, VLC_H2_PROTOCOL_ERROR);
+ return vlc_h2_stream_error(p, id, VLC_H2_PROTOCOL_ERROR);
+ }
+
return 0;
}
More information about the vlc-commits
mailing list