-
Notifications
You must be signed in to change notification settings - Fork 554
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
18 changed files
with
561 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
From c9adb2114e9d9d4a50ff273234c2a1f8518aafd1 Mon Sep 17 00:00:00 2001 | ||
From: Vince Perri <5596945+vinceaperri@users.noreply.github.com> | ||
Date: Wed, 20 Nov 2024 22:38:53 +0000 | ||
Subject: [PATCH] http2: push headers better cleanup | ||
|
||
Original patch: https://github.com/curl/curl/commit/deca8039991886a559b67bcd6 | ||
--- | ||
Utilities/cmcurl/lib/http2.c | 34 +++++++++++++++------------------- | ||
1 file changed, 15 insertions(+), 19 deletions(-) | ||
|
||
diff --git a/Utilities/cmcurl/lib/http2.c b/Utilities/cmcurl/lib/http2.c | ||
index f194c18b..50b8cd54 100644 | ||
--- a/Utilities/cmcurl/lib/http2.c | ||
+++ b/Utilities/cmcurl/lib/http2.c | ||
@@ -116,6 +116,15 @@ static int http2_getsock(struct Curl_easy *data, | ||
return bitmap; | ||
} | ||
|
||
+static void free_push_headers(struct HTTP *stream) | ||
+{ | ||
+ size_t i; | ||
+ for(i = 0; i<stream->push_headers_used; i++) | ||
+ free(stream->push_headers[i]); | ||
+ Curl_safefree(stream->push_headers); | ||
+ stream->push_headers_used = 0; | ||
+} | ||
+ | ||
/* | ||
* http2_stream_free() free HTTP2 stream related data | ||
*/ | ||
@@ -123,11 +132,7 @@ static void http2_stream_free(struct HTTP *http) | ||
{ | ||
if(http) { | ||
Curl_dyn_free(&http->header_recvbuf); | ||
- for(; http->push_headers_used > 0; --http->push_headers_used) { | ||
- free(http->push_headers[http->push_headers_used - 1]); | ||
- } | ||
- free(http->push_headers); | ||
- http->push_headers = NULL; | ||
+ free_push_headers(http); | ||
} | ||
} | ||
|
||
@@ -559,7 +564,6 @@ static int push_promise(struct Curl_easy *data, | ||
struct curl_pushheaders heads; | ||
CURLMcode rc; | ||
struct http_conn *httpc; | ||
- size_t i; | ||
/* clone the parent */ | ||
struct Curl_easy *newhandle = duphandle(data); | ||
if(!newhandle) { | ||
@@ -595,11 +599,7 @@ static int push_promise(struct Curl_easy *data, | ||
Curl_set_in_callback(data, false); | ||
|
||
/* free the headers again */ | ||
- for(i = 0; i<stream->push_headers_used; i++) | ||
- free(stream->push_headers[i]); | ||
- free(stream->push_headers); | ||
- stream->push_headers = NULL; | ||
- stream->push_headers_used = 0; | ||
+ free_push_headers(stream); | ||
|
||
if(rv) { | ||
DEBUGASSERT((rv > CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT)); | ||
@@ -1033,10 +1033,10 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, | ||
stream->push_headers_alloc) { | ||
char **headp; | ||
stream->push_headers_alloc *= 2; | ||
- headp = Curl_saferealloc(stream->push_headers, | ||
- stream->push_headers_alloc * sizeof(char *)); | ||
+ headp = realloc(stream->push_headers, | ||
+ stream->push_headers_alloc * sizeof(char *)); | ||
if(!headp) { | ||
- stream->push_headers = NULL; | ||
+ free_push_headers(stream); | ||
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; | ||
} | ||
stream->push_headers = headp; | ||
@@ -1204,11 +1204,7 @@ void Curl_http2_done(struct Curl_easy *data, bool premature) | ||
Curl_dyn_free(&http->trailer_recvbuf); | ||
if(http->push_headers) { | ||
/* if they weren't used and then freed before */ | ||
- for(; http->push_headers_used > 0; --http->push_headers_used) { | ||
- free(http->push_headers[http->push_headers_used - 1]); | ||
- } | ||
- free(http->push_headers); | ||
- http->push_headers = NULL; | ||
+ free_push_headers(http); | ||
} | ||
|
||
if(!(data->conn->handler->protocol&PROTO_FAMILY_HTTP) || | ||
-- | ||
2.34.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
From 875373fb67097281d4a4ff461e531b9bef947818 Mon Sep 17 00:00:00 2001 | ||
From: Vince Perri <5596945+vinceaperri@users.noreply.github.com> | ||
Date: Thu, 21 Nov 2024 14:11:36 +0000 | ||
Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame | ||
|
||
Original patch: https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0 | ||
--- | ||
Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h | 7 ++++++- | ||
Utilities/cmnghttp2/lib/nghttp2_helper.c | 2 ++ | ||
Utilities/cmnghttp2/lib/nghttp2_session.c | 8 ++++++++ | ||
Utilities/cmnghttp2/lib/nghttp2_session.h | 10 ++++++++++ | ||
4 files changed, 26 insertions(+), 1 deletion(-) | ||
|
||
diff --git a/Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h b/Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h | ||
index e4e1d4fc..a140199a 100644 | ||
--- a/Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h | ||
+++ b/Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h | ||
@@ -428,7 +428,12 @@ typedef enum { | ||
* exhaustion on server side to send these frames forever and does | ||
* not read network. | ||
*/ | ||
- NGHTTP2_ERR_FLOODED = -904 | ||
+ NGHTTP2_ERR_FLOODED = -904, | ||
+ /** | ||
+ * When a local endpoint receives too many CONTINUATION frames | ||
+ * following a HEADER frame. | ||
+ */ | ||
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905, | ||
} nghttp2_error; | ||
|
||
/** | ||
diff --git a/Utilities/cmnghttp2/lib/nghttp2_helper.c b/Utilities/cmnghttp2/lib/nghttp2_helper.c | ||
index 91136a61..f150ab54 100644 | ||
--- a/Utilities/cmnghttp2/lib/nghttp2_helper.c | ||
+++ b/Utilities/cmnghttp2/lib/nghttp2_helper.c | ||
@@ -334,6 +334,8 @@ const char *nghttp2_strerror(int error_code) { | ||
case NGHTTP2_ERR_FLOODED: | ||
return "Flooding was detected in this HTTP/2 session, and it must be " | ||
"closed"; | ||
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS: | ||
+ return "Too many CONTINUATION frames following a HEADER frame"; | ||
default: | ||
return "Unknown error code"; | ||
} | ||
diff --git a/Utilities/cmnghttp2/lib/nghttp2_session.c b/Utilities/cmnghttp2/lib/nghttp2_session.c | ||
index a3c0b708..f02e3f95 100644 | ||
--- a/Utilities/cmnghttp2/lib/nghttp2_session.c | ||
+++ b/Utilities/cmnghttp2/lib/nghttp2_session.c | ||
@@ -463,6 +463,7 @@ static int session_new(nghttp2_session **session_ptr, | ||
|
||
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN; | ||
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM; | ||
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS; | ||
|
||
if (option) { | ||
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) && | ||
@@ -6297,6 +6298,8 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, | ||
} | ||
} | ||
session_inbound_frame_reset(session); | ||
+ | ||
+ session->num_continuations = 0; | ||
} | ||
break; | ||
} | ||
@@ -6418,6 +6421,11 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, | ||
} | ||
#endif /* DEBUGBUILD */ | ||
|
||
+ | ||
+ if (++session->num_continuations > session->max_continuations) { | ||
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS; | ||
+ } | ||
+ | ||
readlen = inbound_frame_buf_read(iframe, in, last); | ||
in += readlen; | ||
|
||
diff --git a/Utilities/cmnghttp2/lib/nghttp2_session.h b/Utilities/cmnghttp2/lib/nghttp2_session.h | ||
index b75294c3..f53acac7 100644 | ||
--- a/Utilities/cmnghttp2/lib/nghttp2_session.h | ||
+++ b/Utilities/cmnghttp2/lib/nghttp2_session.h | ||
@@ -107,6 +107,10 @@ typedef struct { | ||
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000 | ||
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33 | ||
|
||
+/* The default max number of CONTINUATION frames following an incoming | ||
+ HEADER frame. */ | ||
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8 | ||
+ | ||
/* Internal state when receiving incoming frame */ | ||
typedef enum { | ||
/* Receiving frame header */ | ||
@@ -277,6 +281,12 @@ struct nghttp2_session { | ||
/* The maximum length of header block to send. Calculated by the | ||
same way as nghttp2_hd_deflate_bound() does. */ | ||
size_t max_send_header_block_length; | ||
+ /* The maximum number of CONTINUATION frames following an incoming | ||
+ HEADER frame. */ | ||
+ size_t max_continuations; | ||
+ /* The number of CONTINUATION frames following an incoming HEADER | ||
+ frame. This variable is reset when END_HEADERS flag is seen. */ | ||
+ size_t num_continuations; | ||
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */ | ||
uint32_t next_stream_id; | ||
/* The last stream ID this session initiated. For client session, | ||
-- | ||
2.34.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
From e5daecf74dd60974e7ae91e432032e6cfdaaf15e Mon Sep 17 00:00:00 2001 | ||
From: Vince Perri <5596945+vinceaperri@users.noreply.github.com> | ||
Date: Thu, 21 Nov 2024 14:52:49 +0000 | ||
Subject: [PATCH 1/2] x509asn1: clean up GTime2str | ||
|
||
Original patch: https://github.com/curl/curl/commit/3c914bc680155b321 | ||
--- | ||
Utilities/cmcurl/lib/x509asn1.c | 23 ++++++++++++++--------- | ||
1 file changed, 14 insertions(+), 9 deletions(-) | ||
|
||
diff --git a/Utilities/cmcurl/lib/x509asn1.c b/Utilities/cmcurl/lib/x509asn1.c | ||
index 281c9724..b1160102 100644 | ||
--- a/Utilities/cmcurl/lib/x509asn1.c | ||
+++ b/Utilities/cmcurl/lib/x509asn1.c | ||
@@ -469,7 +469,7 @@ static const char *GTime2str(const char *beg, const char *end) | ||
/* Convert an ASN.1 Generalized time to a printable string. | ||
Return the dynamically allocated string, or NULL if an error occurs. */ | ||
|
||
- for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++) | ||
+ for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++) | ||
; | ||
|
||
/* Get seconds digits. */ | ||
@@ -488,17 +488,22 @@ static const char *GTime2str(const char *beg, const char *end) | ||
return NULL; | ||
} | ||
|
||
- /* Scan for timezone, measure fractional seconds. */ | ||
+ /* timezone follows optional fractional seconds. */ | ||
tzp = fracp; | ||
- fracl = 0; | ||
+ fracl = 0; /* no fractional seconds detected so far */ | ||
if(fracp < end && (*fracp == '.' || *fracp == ',')) { | ||
- fracp++; | ||
- do | ||
+ /* Have fractional seconds, e.g. "[.,]\d+". How many? */ | ||
+ tzp = fracp++; /* should be a digit char or BAD ARGUMENT */ | ||
+ while(tzp < end && ISDIGIT(*tzp)) | ||
tzp++; | ||
- while(tzp < end && *tzp >= '0' && *tzp <= '9'); | ||
- /* Strip leading zeroes in fractional seconds. */ | ||
- for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--) | ||
- ; | ||
+ if(tzp == fracp) /* never looped, no digit after [.,] */ | ||
+ return CURLE_BAD_FUNCTION_ARGUMENT; | ||
+ fracl = tzp - fracp - 1; /* number of fractional sec digits */ | ||
+ DEBUGASSERT(fracl > 0); | ||
+ /* Strip trailing zeroes in fractional seconds. | ||
+ * May reduce fracl to 0 if only '0's are present. */ | ||
+ while(fracl && fracp[fracl - 1] == '0') | ||
+ fracl--; | ||
} | ||
|
||
/* Process timezone. */ | ||
-- | ||
2.34.1 | ||
|
||
From 13e627cf5b98be84a8cead6e4518932dba7f2cb7 Mon Sep 17 00:00:00 2001 | ||
From: Vince Perri <5596945+vinceaperri@users.noreply.github.com> | ||
Date: Thu, 21 Nov 2024 15:02:39 +0000 | ||
Subject: [PATCH 2/2] x509asn1: fixes for gtime2str | ||
|
||
Original patch: https://github.com/curl/curl/commit/27959ecce75cdb2 | ||
--- | ||
Utilities/cmcurl/lib/x509asn1.c | 23 +++++++++++++++-------- | ||
1 file changed, 15 insertions(+), 8 deletions(-) | ||
|
||
diff --git a/Utilities/cmcurl/lib/x509asn1.c b/Utilities/cmcurl/lib/x509asn1.c | ||
index b1160102..ceb03e2a 100644 | ||
--- a/Utilities/cmcurl/lib/x509asn1.c | ||
+++ b/Utilities/cmcurl/lib/x509asn1.c | ||
@@ -493,12 +493,13 @@ static const char *GTime2str(const char *beg, const char *end) | ||
fracl = 0; /* no fractional seconds detected so far */ | ||
if(fracp < end && (*fracp == '.' || *fracp == ',')) { | ||
/* Have fractional seconds, e.g. "[.,]\d+". How many? */ | ||
- tzp = fracp++; /* should be a digit char or BAD ARGUMENT */ | ||
+ fracp++; /* should be a digit char or BAD ARGUMENT */ | ||
+ tzp = fracp; | ||
while(tzp < end && ISDIGIT(*tzp)) | ||
tzp++; | ||
if(tzp == fracp) /* never looped, no digit after [.,] */ | ||
return CURLE_BAD_FUNCTION_ARGUMENT; | ||
- fracl = tzp - fracp - 1; /* number of fractional sec digits */ | ||
+ fracl = tzp - fracp; /* number of fractional sec digits */ | ||
DEBUGASSERT(fracl > 0); | ||
/* Strip trailing zeroes in fractional seconds. | ||
* May reduce fracl to 0 if only '0's are present. */ | ||
@@ -507,18 +508,24 @@ static const char *GTime2str(const char *beg, const char *end) | ||
} | ||
|
||
/* Process timezone. */ | ||
- if(tzp >= end) | ||
- ; /* Nothing to do. */ | ||
+ if(tzp >= end) { | ||
+ tzp = ""; | ||
+ tzl = 0; | ||
+ } | ||
else if(*tzp == 'Z') { | ||
- tzp = " GMT"; | ||
- end = tzp + 4; | ||
+ sep = " "; | ||
+ tzp = "GMT"; | ||
+ tzl = 3; | ||
+ } | ||
+ else if((*tzp == '+') || (*tzp == '-')) { | ||
+ sep = " UTC"; | ||
+ tzl = end - tzp; | ||
} | ||
else { | ||
sep = " "; | ||
- tzp++; | ||
+ tzl = end - tzp; | ||
} | ||
|
||
- tzl = end - tzp; | ||
return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", | ||
beg, beg + 4, beg + 6, | ||
beg + 8, beg + 10, sec1, sec2, | ||
-- | ||
2.34.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.