
Commit b0fa4d5

authored
Merge pull request from GHSA-f256-j965-7f32
Motivation:
We also need to ensure that all the header validation is done when a single header with the endStream flag is received.

Modifications:
- Adjust code to always enforce the validation
- Add more unit tests

Result:
Always correctly validate
1 parent 5867de7 commit b0fa4d5


2 files changed

+48
-2
lines changed


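--- a/codec-http2/src/main/java/io/netty/handler/codec/http2/DefaultHttp2ConnectionDecoder.java
+++ b/codec-http2/src/main/java/io/netty/handler/codec/http2/DefaultHttp2ConnectionDecoder.java
@@ -353,10 +353,13 @@ public void onHeadersRead(ChannelHandlerContext ctx, int streamId, Http2Headers
 short weight, boolean exclusive, int padding, boolean endOfStream) throws Http2Exception {
 Http2Stream stream = connection.stream(streamId);
 boolean allowHalfClosedRemote = false;
+boolean isTrailers = false;
 if (stream == null && !connection.streamMayHaveExisted(streamId)) {
 stream = connection.remote().createStream(streamId, endOfStream);
 // Allow the state to be HALF_CLOSE_REMOTE if we're creating it in that state.
 allowHalfClosedRemote = stream.state() == HALF_CLOSED_REMOTE;
+} else if (stream != null) {
+isTrailers = stream.isHeadersReceived();
 }
 
 if (shouldIgnoreHeadersOrDataFrame(ctx, streamId, stream, "HEADERS")) {
@@ -394,7 +397,7 @@ public void onHeadersRead(ChannelHandlerContext ctx, int streamId, Http2Headers
 stream.state());
 }
 
-if (!stream.isHeadersReceived()) {
+if (!isTrailers) {
 // extract the content-length header
 List<? extends CharSequence> contentLength = headers.getAll(HttpHeaderNames.CONTENT_LENGTH);
 if (contentLength != null && !contentLength.isEmpty()) {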
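Review bot: The new `isTrailers` local carries the security-relevant invariant of this fix, but nothing at its declaration says why it is read this early. It is captured from `stream.isHeadersReceived()` before the code between the two hunks runs (not visible here), and the later `if (!isTrailers)` guard now decides whether content-length validation happens. Presumably the old call at that point could already report true for a first HEADERS frame with endOfStream set, which skipped the validation. I would add above the declaration: `// Snapshot before any stream state change below, so the first HEADERS frame is always content-length validated, even with endOfStream set.` That keeps a later refactor from moving the read back to the check site; onHeadersRead starts and ends outside both hunks.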

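--- a/codec-http2/src/test/java/io/netty/handler/codec/http2/Http2MultiplexTest.java
+++ b/codec-http2/src/test/java/io/netty/handler/codec/http2/Http2MultiplexTest.java
@@ -224,10 +224,53 @@ public void headerAndDataFramesShouldBeDelivered() {
 
 @Test
 public void headerMultipleContentLengthValidationShouldPropagate() {
+headerMultipleContentLengthValidationShouldPropagate(false);
+}
+
+@Test
+public void headerMultipleContentLengthValidationShouldPropagateWithEndStream() {
+headerMultipleContentLengthValidationShouldPropagate(true);
+}
+
+private void headerMultipleContentLengthValidationShouldPropagate(boolean endStream) {
 LastInboundHandler inboundHandler = new LastInboundHandler();
 request.addLong(HttpHeaderNames.CONTENT_LENGTH, 0);
 request.addLong(HttpHeaderNames.CONTENT_LENGTH, 1);
-Http2StreamChannel channel = newInboundStream(3, false, inboundHandler);
+Http2StreamChannel channel = newInboundStream(3, endStream, inboundHandler);
+try {
+inboundHandler.checkException();
+fail();
+} catch (Exception e) {
+assertThat(e, CoreMatchers.<Exception>instanceOf(StreamException.class));
+}
+assertNull(inboundHandler.readInbound());
+assertFalse(channel.isActive());
+}
+
+@Test
+public void headerPlusSignContentLengthValidationShouldPropagate() {
+headerSignContentLengthValidationShouldPropagateWithEndStream(false, false);
+}
+
+@Test
+public void headerPlusSignContentLengthValidationShouldPropagateWithEndStream() {
+headerSignContentLengthValidationShouldPropagateWithEndStream(false, true);
+}
+
+@Test
+public void headerMinusSignContentLengthValidationShouldPropagate() {
+headerSignContentLengthValidationShouldPropagateWithEndStream(true, false);
+}
+
+@Test
+public void headerMinusSignContentLengthValidationShouldPropagateWithEndStream() {
+headerSignContentLengthValidationShouldPropagateWithEndStream(true, true);
+}
+
+private void headerSignContentLengthValidationShouldPropagateWithEndStream(boolean minus, boolean endStream) {
+LastInboundHandler inboundHandler = new LastInboundHandler();
+request.add(HttpHeaderNames.CONTENT_LENGTH, (minus ? "-" : "+") + 1);
+Http2StreamChannel channel = newInboundStream(3, endStream, inboundHandler);
 try {
 inboundHandler.checkException();
 fail();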
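Review bot: The new helpers assert only that the caught exception is a `StreamException`, so any stream-level error raised for stream 3 would satisfy them, not specifically the content-length rejection this fix is meant to guarantee. In the catch block I would also pin the error code, by comparing `((StreamException) e).error()` with the `Http2Error` value the decoder raises for an invalid content-length. As a style point, `headerSignContentLengthValidationShouldPropagateWithEndStream(boolean minus, boolean endStream)` is also called with `endStream == false`, so the `WithEndStream` suffix is misleading; dropping it would match the first helper. The body of the second helper continues outside the hunk.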
