mirror of
https://github.com/haproxy/haproxy.git
synced 2026-04-08 18:36:18 -04:00
BUG/MEDIUM: h3: do not crash if no buf space for trailers
Replace ABORT_NOW() by proper error management in h3_resp_trailers_send() for QPACK encoding operation. If a QPACK encoding operation fails, it means there is not enough space in qcs buffer. In this case, flag qcs instance with QC_SF_BLK_MROOM and return an error. MUX is responsible to remove this flag once buffer space is available. This should fix the crash reported by gabrieltz on github issue #2006. This must be backported up to 2.7.
This commit is contained in:
Amaury Denoyelle
parent
8436c910f5
commit
224ba5cffe
1 changed files with 8 additions and 4 deletions
12
src/h3.c
12
src/h3.c
|
|
@ -1393,8 +1393,10 @@ static int h3_resp_trailers_send(struct qcs *qcs, struct htx *htx)
|
|||
/* Start the headers after frame type + length */
|
||||
headers_buf = b_make(b_peek(res, b_data(res) + 9), b_contig_space(res) - 9, 0, 0);
|
||||
|
||||
if (qpack_encode_field_section_line(&headers_buf))
|
||||
ABORT_NOW();
|
||||
if (qpack_encode_field_section_line(&headers_buf)) {
|
||||
qcs->flags |= QC_SF_BLK_MROOM;
|
||||
goto err;
|
||||
}
|
||||
|
||||
tail = b_tail(&headers_buf);
|
||||
for (hdr = 0; hdr < sizeof(list) / sizeof(list[0]); ++hdr) {
|
||||
|
|
@ -1412,8 +1414,10 @@ static int h3_resp_trailers_send(struct qcs *qcs, struct htx *htx)
|
|||
continue;
|
||||
}
|
||||
|
||||
if (qpack_encode_header(&headers_buf, list[hdr].n, list[hdr].v))
|
||||
ABORT_NOW();
|
||||
if (qpack_encode_header(&headers_buf, list[hdr].n, list[hdr].v)) {
|
||||
qcs->flags |= QC_SF_BLK_MROOM;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
/* Now that all headers are encoded, we are certain that res buffer is
|
||||
|
|
|
|||
Loading…
Reference in a new issue