Check if length of frame is valid #135
Conversation
When receiving a frame from endpoint, check if length of frame is below the maximum size setting. If frame size is invalid then send a reset frame to endpoint. Add method to the connection class that sends a reset frames with an error code.
If the setting frame contains a new valid max frame size then update hyper's settings. Add tests to confirm that this setting is updated only with values between the accepted range.
| frame.stream_id, | ||
| length, | ||
| frame_size | ||
| ) |
There was a problem hiding this comment.
It'd be safer to log first, I think: that way the log is emitted before we explode due to any traceback.
There was a problem hiding this comment.
Oh, this check also isn't right. The value in self._settings[] is not a limit on the frame size the other side can emit, it's a limit on the size it can receive. hyper doesn't currently make the max frame size it can tolerate configurable (and I don't really feel like it should at this stage), so I think we just want to confirm that we tolerate MAX_FRAME_SIZE frames.
We then want to add a similar check to our own code for sending.
|
Brilliant stuff @jdecuyper! Great start. I've made some notes inline. =) |
When hyper is sending a frame, it should validate its length against the constant MAX_FRAME_SIZE and not the endpoint's settings. Add error code parameter to the connection's close method. Check if socket is still alive before sending an ACK to the endpoint. Fix minor spelling errors.
…assume it is a gracefull shutdown.
|
@Lukasa just to make sure I understand this right, when serializing a frame, we should be checking the length of the body against the maximum frame size. I think it would be nicer to apply this check when calling |
| new_size) | ||
| # Tear the connection down with error code PROTOCOL_ERROR | ||
| self.close(1) | ||
|
|
There was a problem hiding this comment.
I think, rather than tie ourselves in knots trying to handle teardown mid-connection, we should throw exceptions whenever we have to tear a connection down ourselves. That means, still call self.close(), but then immediately throw an exception.
While we're here, it might be good to define an exception that we throw whenever we encounter a HTTP/2 connection error.
There was a problem hiding this comment.
We have already such an exception available so I have used that one.
|
@jdecuyper That sounds reasonable to me =) |
|
Have that function |
| @@ -63,7 +65,7 @@ def parse_flags(self, flag_byte): | |||
|
|
|||
| def serialize(self): | |||
| body = self.serialize_body() | |||
| body_len = len(body) | |||
| self.body_len = len(body) | |||
There was a problem hiding this comment.
Let's make sure we initialise this to zero in __init__.
There was a problem hiding this comment.
All set! Anything else I should cover?
| @@ -482,6 +497,9 @@ def _send_cb(self, frame, tolerate_peer_gone=False): | |||
|
|
|||
| data = frame.serialize() | |||
|
|
|||
| if frame.body_len > FRAME_MAX_LEN: # pragma: no cover | |||
There was a problem hiding this comment.
So this is the point where we need to abort based on the set max frame size. Can you change this check to do that?
There was a problem hiding this comment.
Sorry about having to make this note. I've had lots of trouble in the past keeping track of which setting applies to which direction in the communication, so I'm not entirely surprised that we've had to go back and forth on this a few times.
There was a problem hiding this comment.
I also don't think there's any good reason to #pragma: no cover this, we can hit it pretty directly to prove the case.
|
@jdecuyper What's the status here? |
|
Status is: will work on fixes tomorrow if that's alright :) |
|
Sure thing. =) There's no rush, just wanted to make sure this didn't get lost! 👍 |
When sending a frame to the server, care must be taken to not exceed the maximum frame size setting. If the size is higher than the defined setting then a ValueError is thrown.
|
@Lukasa |
|
Cool! Curious to see what the fix is about =) |
|
The fix already landed, see python-hyper/hyperframe@2363947. If you rebase on top of development you should find the code you need has been vendored in from hyperframe. =D |
When receiving a frame from endpoint, check if length of frame is below the maximum size setting. If frame size is invalid then send a reset frame to endpoint. Add method to the connection class that sends a reset frames with an error code.
If the setting frame contains a new valid max frame size then update hyper's settings. Add tests to confirm that this setting is updated only with values between the accepted range.
When hyper is sending a frame, it should validate its length against the constant MAX_FRAME_SIZE and not the endpoint's settings. Add error code parameter to the connection's close method. Check if socket is still alive before sending an ACK to the endpoint. Fix minor spelling errors.
…assume it is a gracefull shutdown.
When sending a frame to the server, care must be taken to not exceed the maximum frame size setting. If the size is higher than the defined setting then a ValueError is thrown.
|
@Lukasa the rebase worked, let me know if it looks alright to you! |
|
This is generally good, though the commit log has gone a bit wacky. Do you feel comfortable enough in git to fix it up, or do you want me to handle that on my end? |
|
Sorry to bother you with this, it would be great if you could help me out here and even better if you could explain how you do it (if you have some time of course). Thanks! |
|
Of course! I'll see if I can screen record the fix. |
|
Asciinema is pretty great fwiw |
|
@jdecuyper The fix was easy, as you can see here. All I did was take the last commit that contained actual work from you (a031605) and merge it into the development branch. In that video you can see me scrolling down the terminal to ensure that none of your commits are there twice, which they aren't, so we know we're good. |
|
Alrighty, merged manually. Thanks @jdecuyper! |
|
@Lukasa many thanks for taking the time to explain 👍 👍 |
|
And btw thanks for the mentions in the v0.4.0 release notes =) |
Fix for #69