From 9590f577b03f621faf35f60e439b87431d293dee Mon Sep 17 00:00:00 2001
From: Denys Otrishko <shishugi@gmail.com>
Date: Mon, 18 Nov 2019 21:44:21 +0200
Subject: http2: allow to configure maximum tolerated invalid frames

PR-URL: https://github.com/nodejs/node/pull/30534
Fixes: https://github.com/nodejs/node/issues/30505
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 src/node_http2.cc | 9 +++++++--
 src/node_http2.h  | 4 +++-
 2 files changed, 10 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/node_http2.cc b/src/node_http2.cc
index 4c1e5dd583..459cc3b0e6 100644
--- a/src/node_http2.cc
+++ b/src/node_http2.cc
@@ -1011,8 +1011,12 @@ int Http2Session::OnInvalidFrame(nghttp2_session* handle,
                                  void* user_data) {
   Http2Session* session = static_cast<Http2Session*>(user_data);
 
-  Debug(session, "invalid frame received, code: %d", lib_error_code);
-  if (session->invalid_frame_count_++ > 1000)
+  Debug(session,
+        "invalid frame received (%u/%u), code: %d",
+        session->invalid_frame_count_,
+        session->js_fields_.max_invalid_frames,
+        lib_error_code);
+  if (session->invalid_frame_count_++ > session->js_fields_.max_invalid_frames)
     return 1;
 
   // If the error is fatal or if error code is ERR_STREAM_CLOSED... emit error
@@ -3057,6 +3061,7 @@ void Initialize(Local<Object> target,
   NODE_DEFINE_CONSTANT(target, kBitfield);
   NODE_DEFINE_CONSTANT(target, kSessionPriorityListenerCount);
   NODE_DEFINE_CONSTANT(target, kSessionFrameErrorListenerCount);
+  NODE_DEFINE_CONSTANT(target, kSessionMaxInvalidFrames);
   NODE_DEFINE_CONSTANT(target, kSessionUint8FieldCount);
 
   NODE_DEFINE_CONSTANT(target, kSessionHasRemoteSettingsListeners);
diff --git a/src/node_http2.h b/src/node_http2.h
index 61092b60c0..79d648276f 100644
--- a/src/node_http2.h
+++ b/src/node_http2.h
@@ -677,6 +677,7 @@ typedef struct {
   uint8_t bitfield;
   uint8_t priority_listener_count;
   uint8_t frame_error_listener_count;
+  uint32_t max_invalid_frames = 1000;
 } SessionJSFields;
 
 // Indices for js_fields_, which serves as a way to communicate data with JS
@@ -689,6 +690,7 @@ enum SessionUint8Fields {
       offsetof(SessionJSFields, priority_listener_count),
   kSessionFrameErrorListenerCount =
       offsetof(SessionJSFields, frame_error_listener_count),
+  kSessionMaxInvalidFrames = offsetof(SessionJSFields, max_invalid_frames),
   kSessionUint8FieldCount = sizeof(SessionJSFields)
 };
 
@@ -1024,7 +1026,7 @@ class Http2Session : public AsyncWrap, public StreamListener {
   // accepted again.
   int32_t rejected_stream_count_ = 0;
   // Also use the invalid frame count as a measure for rejecting input frames.
-  int32_t invalid_frame_count_ = 0;
+  uint32_t invalid_frame_count_ = 0;
 
   void PushOutgoingBuffer(nghttp2_stream_write&& write);
   void CopyDataIntoOutgoing(const uint8_t* src, size_t src_length);
-- 
cgit v1.2.3