diff options
author | Anna Henningsen <anna@addaleax.net> | 2019-08-11 01:31:20 +0200 |
---|---|---|
committer | Michaƫl Zasso <targos@protonmail.com> | 2019-08-15 09:51:53 +0200 |
commit | ba624b6766fffc11fc9a387feee58be2c5e1d8b8 (patch) | |
tree | 9b0468b252f6b3b5a669cf0e342c24324cb1d902 /src/node_http2.h | |
parent | 695e38be69a780417eef32db744528c3c78d6b0b (diff) | |
download | android-node-v8-ba624b6766fffc11fc9a387feee58be2c5e1d8b8.tar.gz android-node-v8-ba624b6766fffc11fc9a387feee58be2c5e1d8b8.tar.bz2 android-node-v8-ba624b6766fffc11fc9a387feee58be2c5e1d8b8.zip |
http2: stop reading from socket if writes are in progress
If a write to the underlying socket finishes asynchronously, that
means that we cannot write any more data at that point without waiting
for it to finish. If this happens, we should also not be producing any
more input.
This is part of mitigating CVE-2019-9511/CVE-2019-9517.
PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src/node_http2.h')
-rw-r--r-- | src/node_http2.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/node_http2.h b/src/node_http2.h index e0862614f2..21e05157c1 100644 --- a/src/node_http2.h +++ b/src/node_http2.h @@ -335,6 +335,8 @@ enum session_state_flags { SESSION_STATE_CLOSED = 0x4, SESSION_STATE_CLOSING = 0x8, SESSION_STATE_SENDING = 0x10, + SESSION_STATE_WRITE_IN_PROGRESS = 0x20, + SESSION_STATE_READING_STOPPED = 0x40, }; typedef uint32_t(*get_setting)(nghttp2_session* session, |