mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity

when receiving SETTINGS verify that the number of settings received by 

the client matches the length of the SPDY frame we received.
Otherwise bad clients could potentially cause us to misbehave.
This commit is contained in:
Joris Vink 2013-07-01 12:34:18 +02:00
parent 0c08b57d3e
commit 69df62f0ea
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/spdy.c
View File

@ -447,12 +447,19 @@ static int
spdy_ctrl_frame_settings(struct netbuf *nb)
{
u_int8_t *buf, flags;
u_int32_t ecount, i, id, val;
u_int32_t ecount, i, id, val, length;
struct connection *c = (struct connection *)nb->owner;
ecount = net_read32(nb->buf + SPDY_FRAME_SIZE);
kore_debug("SPDY_SETTINGS: %d settings present", ecount);
length = net_read32(nb->buf + 4) & 0xffffff;
if (length != ((ecount * 8) + 4)) {
kore_debug("ecount is not correct (%d != %d)", length,
(ecount * 8) + 4);
return (KORE_RESULT_ERROR);
}
buf = nb->buf + SPDY_FRAME_SIZE + 4;
for (i = 0; i < ecount; i++) {
flags = *(u_int8_t *)buf;