Rework HTTP/2 closed connection logic and consolidate http2 mem_recv() calls in one place. #5648
Conversation
Previously there were several locations that called nghttp2_session_mem_recv and handled responses slightly differently. Those have been converted to call the existing h2_process_pending_input() function. Moved the end-of-session check to h2_process_pending_input() since the only place the end-of-session state can change is after nghttp2 processes additional input frames. This will likely fix the fuzzing error. While I don't have a root cause the out-of-bounds read seems like a use after free, so moving the nghttp2_session_check_request_allowed() call to a location with a guaranteed nghttp2 session seems reasonable. Also updated a few nghttp2 callsites to include error messages and added a few additional error checks.
During merge left in the old connclose call. Remove. Also fixup style: if ( => if(
|
|
Ping on this. I can move the close connection back, but I think that it makes sense to consolidate the receive logic into a single method. |
I'm slow this week, I'll review/merge this soon. |
Thanks @laramiel, sorry for taking forever to merge this! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Previously there were several locations that called
nghttp2_session_mem_recv and handled responses slightly differently.
Those have been converted to call the existing
h2_process_pending_input() function.
Moved the end-of-session check to h2_process_pending_input() since
the only place the end-of-session state can change is after nghttp2
processes additional input frames.
This will likely fix the fuzzing error. While I don't have a root
cause the out-of-bounds read seems like a use after free, so moving
the nghttp2_session_check_request_allowed() call to a location with
a guaranteed nghttp2 session seems reasonable.
Also updated a few nghttp2 callsites to include error messages and
added a few additional error checks.
This attempts to address #5646