From 0d73970ec161300a55b630f71bbf72b5c41f28b9 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Wed, 3 Apr 2024 12:12:55 +0000 Subject: [PATCH] Merge r1916771 from trunk: bail after too many failed reads Submitted By: icing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1916779 13f79535-47bb-0310-9956-ffa450edef68 Conflict:The mod_http2 version upgrade (9767274) and new feature (06ceb22) are not integrated. As a result, context adaptation exists in h2_stream.h. Reference:https://github.com/apache/httpd/commit/0d73970ec161300a55b630f71bbf72b5c41f28b9 --- modules/http2/h2_session.c | 10 +++++++--- modules/http2/h2_stream.c | 1 + modules/http2/h2_stream.h | 3 ++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c index afd9edb..308bc4a 100644 --- a/modules/http2/h2_session.c +++ b/modules/http2/h2_session.c @@ -311,9 +311,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame, status = h2_stream_add_header(stream, (const char *)name, namelen, (const char *)value, valuelen); - if (status != APR_SUCCESS - && (!stream->rtmp - || stream->rtmp->http_status == H2_HTTP_STATUS_UNSET)) { + if (status != APR_SUCCESS && + (!stream->rtmp || + stream->rtmp->http_status == H2_HTTP_STATUS_UNSET || + /* We accept a certain amount of failures in order to reply + * with an informative HTTP error response like 413. But if the + * client is too wrong, we fail the request a RESET of the stream */ + stream->request_headers_failed > 100)) { return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; } return 0; diff --git a/modules/http2/h2_stream.c b/modules/http2/h2_stream.c index 49d89cb..bde8609 100644 --- a/modules/http2/h2_stream.c +++ b/modules/http2/h2_stream.c @@ -764,6 +764,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream, cleanup: if (error) { + ++stream->request_headers_failed; set_error_response(stream, error); return APR_EINVAL; } diff --git a/modules/http2/h2_stream.h b/modules/http2/h2_stream.h index 08f7888..1b89eaf 100644 --- a/modules/http2/h2_stream.h +++ b/modules/http2/h2_stream.h @@ -75,7 +75,8 @@ struct h2_stream { struct h2_request *rtmp; /* request being assembled */ apr_table_t *trailers; /* optional incoming trailers */ int request_headers_added; /* number of request headers added */ - + int request_headers_failed; /* number of request headers failed to add */ + struct h2_bucket_beam *input; apr_bucket_brigade *in_buffer; int in_window_size; -- 2.33.0