gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

reject http3 requests that exceeded the header size limit

Browse Source
This commit is contained in:
Marten Seemann
2019-08-22 10:23:51 +07:00
parent 2133d01956
commit 9294652ecc
2 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
http3/server.go
View File

@@ -155,6 +155,13 @@ func (s *Server) handleConn(sess quic.Session) {
}
}
func (s *Server) maxHeaderBytes() uint64 {
if s.Server.MaxHeaderBytes <= 0 {
return http.DefaultMaxHeaderBytes
}
return uint64(s.Server.MaxHeaderBytes)
}
// TODO: improve error handling.
// Most (but not all) of the errors occurring here are connection-level erros.
func (s *Server) handleRequest(str quic.Stream, decoder *qpack.Decoder) error {
@@ -168,7 +175,10 @@ func (s *Server) handleRequest(str quic.Stream, decoder *qpack.Decoder) error {
str.CancelWrite(quic.ErrorCode(errorUnexpectedFrame))
return errors.New("expected first frame to be a headers frame")
}
// TODO: check length
if hf.Length > s.maxHeaderBytes() {
str.CancelWrite(quic.ErrorCode(errorLimitExceeded))
return fmt.Errorf("Headers frame too large: %d bytes (max: %d)", hf.Length, s.maxHeaderBytes())
}
headerBlock := make([]byte, hf.Length)
if _, err := io.ReadFull(str, headerBlock); err != nil {
str.CancelWrite(quic.ErrorCode(errorIncompleteRequest))