Reject pushes with invalid stream ID

amphp · Jul 8, 2020 · d272ceb · d272ceb
1 parent 37f307c
commit d272ceb
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/src/Connection/Internal/Http2ConnectionProcessor.php b/src/Connection/Internal/Http2ConnectionProcessor.php
@@ -520,6 +520,15 @@ public function handleHeaders(int $streamId, array $pseudo, array $headers, bool
 
     public function handlePushPromise(int $parentId, int $streamId, array $pseudo, array $headers): void
     {
+        if ($streamId % 2 === 1) {
+            $this->handleConnectionException(new Http2ConnectionException(
+                "Invalid server initiated stream",
+                Http2Parser::PROTOCOL_ERROR
+            ));
+
+            return;
+        }
+
         foreach ($pseudo as $name => $value) {
             if (!isset(Http2Parser::KNOWN_REQUEST_PSEUDO_HEADERS[$name])) {
                 throw new Http2StreamException(

diff --git a/test/Connection/Http2ConnectionTest.php b/test/Connection/Http2ConnectionTest.php
@@ -439,6 +439,49 @@ public function testWritingRequestWithRelativeUriPathFails(): \Generator
         yield $stream->request($request, new NullCancellationToken());
     }
 
+    public function testServerPushingOddStream(): \Generator
+    {
+        [$server, $client] = Socket\createPair();
+
+        $hpack = new HPack;
+
+        $connection = new Http2Connection($client);
+        $server->write(self::packFrame('', Http2Parser::SETTINGS, 0, 0));
+        yield $connection->initialize();
+
+        $request = new Request('http://localhost/');
+        $request->setInactivityTimeout(500);
+        $request->setPushHandler($this->createCallback(0));
+
+        /** @var Stream $stream */
+        $stream = yield $connection->getStream($request);
+
+        $promise = $stream->request($request, new NullCancellationToken());
+
+        $server->write(self::packFrame($hpack->encode([
+            [":status", Status::OK],
+            ["date", formatDateHeader()],
+        ]), Http2Parser::HEADERS, Http2Parser::END_HEADERS, 1));
+        $server->write(self::packFrame(\pack("N", 3) . $hpack->encode([
+            [":method", 'GET'],
+            [":authority", 'localhost'],
+            [":scheme", 'http'],
+            [":path", '/static'],
+        ]), Http2Parser::PUSH_PROMISE, Http2Parser::END_HEADERS, 3));
+        $server->write(self::packFrame($hpack->encode([
+            [":status", Status::OK],
+            ["date", formatDateHeader()],
+        ]), Http2Parser::HEADERS, Http2Parser::END_HEADERS, 3));
+
+        /** @var Response $response */
+        $response = yield $promise;
+
+        $this->expectException(Http2ConnectionException::class);
+        $this->expectExceptionMessage('Invalid server initiated stream');
+
+        yield $response->getBody()->buffer();
+    }
+
     /**
      * @param string $requestPath
      * @param string $expectedPath