diff options
author | James M Snell <jasnell@gmail.com> | 2018-08-10 15:07:51 -0700 |
---|---|---|
committer | George Adams <george.adams@uk.ibm.com> | 2018-08-13 09:38:49 +0100 |
commit | ac92a42a60545006a493e567c793601c6397c035 (patch) | |
tree | 14b28a5343a003649314e1b69f6f78899e2f4b9d /src/node_http2.cc | |
parent | 7cec27c7998868b4ae0b7aef926aa75f866ed458 (diff) | |
download | android-node-v8-ac92a42a60545006a493e567c793601c6397c035.tar.gz android-node-v8-ac92a42a60545006a493e567c793601c6397c035.tar.bz2 android-node-v8-ac92a42a60545006a493e567c793601c6397c035.zip |
http2: avoid race condition in OnHeaderCallback
Fixes: https://github.com/nodejs/node/issues/21416
PR-URL: https://github.com/nodejs/node/pull/22256
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: George Adams <george.adams@uk.ibm.com>
Diffstat (limited to 'src/node_http2.cc')
-rw-r--r-- | src/node_http2.cc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/node_http2.cc b/src/node_http2.cc index 1274bc7f5b..12b0156f4a 100644 --- a/src/node_http2.cc +++ b/src/node_http2.cc @@ -881,7 +881,12 @@ int Http2Session::OnHeaderCallback(nghttp2_session* handle, Http2Session* session = static_cast<Http2Session*>(user_data); int32_t id = GetFrameID(frame); Http2Stream* stream = session->FindStream(id); - CHECK_NOT_NULL(stream); + // If stream is null at this point, either something odd has happened + // or the stream was closed locally while header processing was occurring. + // either way, do not proceed and close the stream. + if (stream == nullptr) + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + // If the stream has already been destroyed, ignore. if (!stream->IsDestroyed() && !stream->AddHeader(name, value, flags)) { // This will only happen if the connected peer sends us more |