http2: consider 0-length non-end DATA frames an error

This is intended to mitigate CVE-2019-9518. PR-URL: https://github.com/nodejs/node/pull/29122 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
author: Anna Henningsen <anna@addaleax.net> 2019-08-10 23:37:58 +0200
committer: Michaël Zasso <targos@protonmail.com> 2019-08-15 09:51:53 +0200
commit: 695e38be69a780417eef32db744528c3c78d6b0b (patch)
tree: 767cb1febfecda21bbfa5713497b114246a7d266 /src/node_revert.h
parent: b2c7c51d0bfa1b2165be409f1cedb7b1d4beaddf (diff)
download: android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.tar.gz
android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.tar.bz2
android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/node_revert.h b/src/node_revert.h
index dfce73b95d..33b30a0dfe 100644
--- a/src/node_revert.h
+++ b/src/node_revert.h
@@ -18,6 +18,7 @@ namespace node {
 #define SECURITY_REVERSIONS(XX)                                            \
   XX(CVE_2019_9514, "CVE-2019-9514", "HTTP/2 Reset Flood")                 \
   XX(CVE_2019_9516, "CVE-2019-9516", "HTTP/2 0-Length Headers Leak")       \
+  XX(CVE_2019_9518, "CVE-2019-9518", "HTTP/2 Empty DATA Frame Flooding")   \
 //  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
   // TODO(addaleax): Remove all of the above before Node.js 13 as the comment
   // at the start of the file indicates.
author	Anna Henningsen <anna@addaleax.net>	2019-08-10 23:37:58 +0200
committer	Michaël Zasso <targos@protonmail.com>	2019-08-15 09:51:53 +0200
commit	695e38be69a780417eef32db744528c3c78d6b0b (patch)
tree	767cb1febfecda21bbfa5713497b114246a7d266 /src/node_revert.h
parent	b2c7c51d0bfa1b2165be409f1cedb7b1d4beaddf (diff)
download	android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.tar.gz android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.tar.bz2 android-node-v8-695e38be69a780417eef32db744528c3c78d6b0b.zip