diff options
author | James M Snell <jasnell@gmail.com> | 2018-04-03 11:26:38 -0700 |
---|---|---|
committer | Myles Borins <mylesborins@google.com> | 2018-06-12 20:46:45 -0400 |
commit | 8bf213dbdc7ee9c852252527f020d48e3bc97e15 (patch) | |
tree | 75bfd4c9d7ccc026b50c85c197172ecf959332d2 | |
parent | 3217e8e66fa81e787b9f3b18c0c09235f050acee (diff) | |
download | android-node-v8-8bf213dbdc7ee9c852252527f020d48e3bc97e15.tar.gz android-node-v8-8bf213dbdc7ee9c852252527f020d48e3bc97e15.tar.bz2 android-node-v8-8bf213dbdc7ee9c852252527f020d48e3bc97e15.zip |
http2: fixup http2stream cleanup and other nits
This fixes CVE-2018-7161.
PR-URL: https://github.com/nodejs-private/node-private/pull/115
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Evan Lucas <evanlucas@me.com>
-rw-r--r-- | src/node_http2.cc | 6 | ||||
-rw-r--r-- | src/node_http2.h | 4 |
2 files changed, 6 insertions, 4 deletions
diff --git a/src/node_http2.cc b/src/node_http2.cc index 9388e6ef66..28d3de6ef0 100644 --- a/src/node_http2.cc +++ b/src/node_http2.cc @@ -499,8 +499,8 @@ Http2Session::Http2Session(Environment* env, Http2Session::~Http2Session() { CHECK_EQ(flags_ & SESSION_STATE_HAS_SCOPE, 0); Debug(this, "freeing nghttp2 session"); - for (const auto& stream : streams_) - stream.second->session_ = nullptr; + for (const auto& iter : streams_) + iter.second->session_ = nullptr; nghttp2_session_del(session_); } @@ -653,6 +653,8 @@ inline void Http2Session::AddStream(Http2Stream* stream) { inline void Http2Session::RemoveStream(Http2Stream* stream) { + if (streams_.empty() || stream == nullptr) + return; // Nothing to remove, item was never added? streams_.erase(stream->id()); DecrementCurrentSessionMemory(stream->self_size()); } diff --git a/src/node_http2.h b/src/node_http2.h index eb06d740ba..70c284c357 100644 --- a/src/node_http2.h +++ b/src/node_http2.h @@ -651,8 +651,8 @@ class Http2Stream : public AsyncWrap, Statistics statistics_ = {}; private: - Http2Session* session_; // The Parent HTTP/2 Session - int32_t id_; // The Stream Identifier + Http2Session* session_ = nullptr; // The Parent HTTP/2 Session + int32_t id_ = 0; // The Stream Identifier int32_t code_ = NGHTTP2_NO_ERROR; // The RST_STREAM code (if any) int flags_ = NGHTTP2_STREAM_FLAG_NONE; // Internal state flags |