From 8bf213dbdc7ee9c852252527f020d48e3bc97e15 Mon Sep 17 00:00:00 2001 From: James M Snell Date: Tue, 3 Apr 2018 11:26:38 -0700 Subject: http2: fixup http2stream cleanup and other nits This fixes CVE-2018-7161. PR-URL: https://github.com/nodejs-private/node-private/pull/115 Reviewed-By: Matteo Collina Reviewed-By: Anna Henningsen Reviewed-By: Evan Lucas --- src/node_http2.cc | 6 ++++-- src/node_http2.h | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/node_http2.cc b/src/node_http2.cc index 9388e6ef66..28d3de6ef0 100644 --- a/src/node_http2.cc +++ b/src/node_http2.cc @@ -499,8 +499,8 @@ Http2Session::Http2Session(Environment* env, Http2Session::~Http2Session() { CHECK_EQ(flags_ & SESSION_STATE_HAS_SCOPE, 0); Debug(this, "freeing nghttp2 session"); - for (const auto& stream : streams_) - stream.second->session_ = nullptr; + for (const auto& iter : streams_) + iter.second->session_ = nullptr; nghttp2_session_del(session_); } @@ -653,6 +653,8 @@ inline void Http2Session::AddStream(Http2Stream* stream) { inline void Http2Session::RemoveStream(Http2Stream* stream) { + if (streams_.empty() || stream == nullptr) + return; // Nothing to remove, item was never added? streams_.erase(stream->id()); DecrementCurrentSessionMemory(stream->self_size()); } diff --git a/src/node_http2.h b/src/node_http2.h index eb06d740ba..70c284c357 100644 --- a/src/node_http2.h +++ b/src/node_http2.h @@ -651,8 +651,8 @@ class Http2Stream : public AsyncWrap, Statistics statistics_ = {}; private: - Http2Session* session_; // The Parent HTTP/2 Session - int32_t id_; // The Stream Identifier + Http2Session* session_ = nullptr; // The Parent HTTP/2 Session + int32_t id_ = 0; // The Stream Identifier int32_t code_ = NGHTTP2_NO_ERROR; // The RST_STREAM code (if any) int flags_ = NGHTTP2_STREAM_FLAG_NONE; // Internal state flags -- cgit v1.2.3