diff options
| author | Anna Henningsen <anna@addaleax.net> | 2019-08-12 22:55:16 +0200 |
|---|---|---|
| committer | Michaƫl Zasso <targos@protonmail.com> | 2019-08-15 09:51:38 +0200 |
| commit | a54af9e1888c01f9a9553eb0e91664a249cabe96 (patch) | |
| tree | 502fc62203de256a1bc14022b0772119aab8f99c /src/node_http2.cc | |
| parent | 474577cf54c3a5f48dec8ab88bd2d03881e2ac02 (diff) | |
| download | android-node-v8-a54af9e1888c01f9a9553eb0e91664a249cabe96.tar.gz android-node-v8-a54af9e1888c01f9a9553eb0e91664a249cabe96.tar.bz2 android-node-v8-a54af9e1888c01f9a9553eb0e91664a249cabe96.zip | |
http2: limit number of invalid incoming frames
Limit the number of invalid input frames, as they may be pointing
towards a misbehaving peer. The limit is currently set to 1000 but
could be changed or made configurable.
This is intended to mitigate CVE-2019-9514.
PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src/node_http2.cc')
| -rw-r--r-- | src/node_http2.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/node_http2.cc b/src/node_http2.cc index 63617cfd9f..058ae1f190 100644 --- a/src/node_http2.cc +++ b/src/node_http2.cc @@ -1017,6 +1017,10 @@ int Http2Session::OnInvalidFrame(nghttp2_session* handle, Http2Session* session = static_cast<Http2Session*>(user_data); Debug(session, "invalid frame received, code: %d", lib_error_code); + if (session->invalid_frame_count_++ > 1000 && + !IsReverted(SECURITY_REVERT_CVE_2019_9514)) { + return 1; + } // If the error is fatal or if error code is ERR_STREAM_CLOSED... emit error if (nghttp2_is_fatal(lib_error_code) || |