diff options
author | Anna Henningsen <anna@addaleax.net> | 2019-08-10 23:37:58 +0200 |
---|---|---|
committer | Michaƫl Zasso <targos@protonmail.com> | 2019-08-15 09:51:53 +0200 |
commit | 695e38be69a780417eef32db744528c3c78d6b0b (patch) | |
tree | 767cb1febfecda21bbfa5713497b114246a7d266 /src/node_http2.h | |
parent | b2c7c51d0bfa1b2165be409f1cedb7b1d4beaddf (diff) | |
download | android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.tar.gz android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.tar.bz2 android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.zip |
http2: consider 0-length non-end DATA frames an error
This is intended to mitigate CVE-2019-9518.
PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src/node_http2.h')
-rw-r--r-- | src/node_http2.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/node_http2.h b/src/node_http2.h index fe0c3ffa7a..e0862614f2 100644 --- a/src/node_http2.h +++ b/src/node_http2.h @@ -877,7 +877,7 @@ class Http2Session : public AsyncWrap, public StreamListener { size_t maxPayloadLen); // Frame Handler - void HandleDataFrame(const nghttp2_frame* frame); + int HandleDataFrame(const nghttp2_frame* frame); void HandleGoawayFrame(const nghttp2_frame* frame); void HandleHeadersFrame(const nghttp2_frame* frame); void HandlePriorityFrame(const nghttp2_frame* frame); |