authorJames M Snell <jasnell@gmail.com>2018-04-03 11:26:38 -0700
committerMyles Borins <mylesborins@google.com>2018-06-12 20:46:45 -0400
commit8bf213dbdc7ee9c852252527f020d48e3bc97e15 (patch)
tree75bfd4c9d7ccc026b50c85c197172ecf959332d2
parent3217e8e66fa81e787b9f3b18c0c09235f050acee (diff)
http2: fixup http2stream cleanup and other nits
This fixes CVE-2018-7161. PR-URL: https://github.com/nodejs-private/node-private/pull/115 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Evan Lucas <evanlucas@me.com>
-rw-r--r--src/node_http2.cc6
-rw-r--r--src/node_http2.h4
2 files changed, 6 insertions, 4 deletions
diff --git a/src/node_http2.cc b/src/node_http2.cc
index 9388e6ef66..28d3de6ef0 100644
--- a/src/node_http2.cc
+++ b/src/node_http2.cc
@@ -499,8 +499,8 @@ Http2Session::Http2Session(Environment* env,
Http2Session::~Http2Session() {
CHECK_EQ(flags_ & SESSION_STATE_HAS_SCOPE, 0);
Debug(this, "freeing nghttp2 session");
- for (const auto& stream : streams_)
- stream.second->session_ = nullptr;
+ for (const auto& iter : streams_)
+ iter.second->session_ = nullptr;
nghttp2_session_del(session_);
}
@@ -653,6 +653,8 @@ inline void Http2Session::AddStream(Http2Stream* stream) {
inline void Http2Session::RemoveStream(Http2Stream* stream) {
+ if (streams_.empty() || stream == nullptr)
+ return; // Nothing to remove, item was never added?
streams_.erase(stream->id());
DecrementCurrentSessionMemory(stream->self_size());
}
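Review bot: The new early return in `RemoveStream` covers only an empty map or a null pointer, so a stream that was never added to a non-empty `streams_` still reaches `DecrementCurrentSessionMemory(stream->self_size())` even though `streams_.erase(stream->id())` removed nothing. If that counter backs a per-session memory limit, the accounting would then drift below what was actually added. Assuming `streams_` is a standard map keyed by stream id (the destructor hunk iterates it with `.second`), `erase` returns the number of elements removed, so the decrement can be tied to it: `if (streams_.erase(stream->id()) > 0) DecrementCurrentSessionMemory(stream->self_size());`. The trailing question mark in the added comment leaves the intent open; a definite statement such as `// Stream is not tracked by this session; nothing to remove.` would read better.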
diff --git a/src/node_http2.h b/src/node_http2.h
index eb06d740ba..70c284c357 100644
--- a/src/node_http2.h
+++ b/src/node_http2.h
@@ -651,8 +651,8 @@ class Http2Stream : public AsyncWrap,
Statistics statistics_ = {};
private:
- Http2Session* session_; // The Parent HTTP/2 Session
- int32_t id_; // The Stream Identifier
+ Http2Session* session_ = nullptr; // The Parent HTTP/2 Session
+ int32_t id_ = 0; // The Stream Identifier
int32_t code_ = NGHTTP2_NO_ERROR; // The RST_STREAM code (if any)
int flags_ = NGHTTP2_STREAM_FLAG_NONE; // Internal state flags