From 5fe782778f535ae68508fb7979df1cbfbdf4d6de Mon Sep 17 00:00:00 2001
From: sunsuwan <sunsuwan3@huawei.com>
Date: Mon, 4 Sep 2023 21:45:49 +0800
Subject: [PATCH] CVE-2023-33953 add header limit
Signed-off-by: zhouyihang <zhouyihang3@h-partners.com>
Signed-off-by: sunsuwan <sunsuwan3@huawei.com>
---
.../ext/transport/chttp2/transport/hpack_parser.cc | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
index 09681fa..6b191a7 100644
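--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
@@ -1372,6 +1372,18 @@ grpc_error_handle grpc_chttp2_header_parser_parse(void* hpack_parser,
 auto* parser = static_cast<grpc_core::HPackParser*>(hpack_parser);
 if (s != nullptr) {
 s->stats.incoming.header_bytes += GRPC_SLICE_LENGTH(slice);
+ if (s->stats.incoming.header_bytes > t->settings[GRPC_ACKED_SETTINGS]
+ [GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE]) {
+ grpc_chttp2_cancel_stream(
+ t, s,
+ grpc_error_set_int(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+ "received header size exceeds limit"),
+ GRPC_ERROR_INT_GRPC_STATUS,
+ GRPC_STATUS_RESOURCE_EXHAUSTED));
+ grpc_chttp2_parsing_become_skip_parser(t);
+ s->seen_error = true;
+ return GRPC_ERROR_NONE;
+ }
 }
 grpc_error_handle error = parser->Parse(slice, is_last != 0);
 if (error != GRPC_ERROR_NONE) {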
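Review bot: The new size check sits inside `if (s != nullptr)`, so a header block handled with no stream attached still reaches `parser->Parse(slice, is_last != 0)` with no byte limit at all. Whether the transport ever parses with a null stream is not visible in this hunk, but if it does, the unbounded-header condition this patch targets stays open on that path. A counter that does not depend on `s` would close it; until then the gap should be stated in place, e.g. `// header limit is enforced only when a stream is attached; blocks parsed with s == nullptr are not bounded here`. Separately, `header_bytes` accumulates `GRPC_SLICE_LENGTH(slice)`, which is encoded bytes on the wire, yet it is compared against the acked MAX_HEADER_LIST_SIZE, so the check bounds buffered input rather than the decoded header list, which also deserves a one-line comment. The body of `grpc_chttp2_header_parser_parse` starts and ends outside the hunk.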
--
2.33.0