Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

http2: treat non-EOF empty frames like other invalid frames #37875

Closed
wants to merge 4 commits into from
Closed

http2: treat non-EOF empty frames like other invalid frames #37875

wants to merge 4 commits into from

Commits on Mar 23, 2021

  1. http2: fix setting options before handle exists 

    Currently, when a JS Http2Session object is created, we have
to handle the situation in which the native object corresponding
to it does not yet exist. As part of that, we create a typed array
for storing options that are passed through the `AliasedStruct`
mechanism, and up until now, we copied that typed array over
the native one once the native one was available.

This was not good, because it was overwriting the defaults that
were set during construction of the native typed array with zeroes.

In order to fix this, create a wrapper for the JS-created typed array
that keeps track of which fields were changed, which enables us to
only overwrite fields that were intentionally changed on the JS side.

It is surprising that this behavior was not tested (which is,
guessing from the commit history around these features, my fault).
The subseqeuent commit introduces a test that would fail without
this change.
    @addaleax
    addaleax committed Mar 23, 2021
    Copy the full SHA
    fd15502 View commit details
    Browse the repository at this point in the history

  2. http2: treat non-EOF empty frames like other invalid frames 

    Use the existing mechanism that we have to keep track of invalid frames
for treating this specific kind of invalid frame.

The commit that originally introduced this check was 695e38b,
which was supposed to proected against CVE-2019-9518, which in turn
was specifically about a *flood* of empty data frames. While these are
still invalid frames either way, it makes sense to be forgiving here
and just treat them like other invalid frames, i.e. to allow a small
(configurable) number of them.

Fixes: nodejs#37849
    @addaleax
    addaleax committed Mar 23, 2021
    Copy the full SHA
    515cab2 View commit details
    Browse the repository at this point in the history

  3. fixup! http2: fix setting options before handle exists 

    Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
    @addaleax @aduh95
    addaleax and aduh95 committed Mar 23, 2021
    Copy the full SHA
    752cb85 View commit details
    Browse the repository at this point in the history

  4. fixup! http2: fix setting options before handle exists

    @addaleax
    addaleax committed Mar 23, 2021
    Copy the full SHA
    a087881 View commit details
    Browse the repository at this point in the history