From 8391c6f3fe27e58aee67a1863284ab160ab430e9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 12 Apr 2024 10:32:14 +0200 Subject: Merging upstream version 2.4.59. Signed-off-by: Daniel Baumann --- modules/http2/h2_headers.c | 11 ++++++++++- modules/http2/h2_request.c | 1 + modules/http2/h2_session.c | 10 +++++++--- modules/http2/h2_stream.c | 1 + modules/http2/h2_stream.h | 1 + 5 files changed, 20 insertions(+), 4 deletions(-) (limited to 'modules/http2') diff --git a/modules/http2/h2_headers.c b/modules/http2/h2_headers.c index 0fc1d91..d9b3fd0 100644 --- a/modules/http2/h2_headers.c +++ b/modules/http2/h2_headers.c @@ -90,9 +90,18 @@ h2_headers *h2_bucket_headers_get(apr_bucket *b) return NULL; } +static void bucket_destroy(void *data) +{ + h2_bucket_headers *h = data; + + if (apr_bucket_shared_destroy(h)) { + apr_bucket_free(h); + } +} + const apr_bucket_type_t h2_bucket_type_headers = { "H2HEADERS", 5, APR_BUCKET_METADATA, - apr_bucket_destroy_noop, + bucket_destroy, bucket_read, apr_bucket_setaside_noop, apr_bucket_split_notimpl, diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c index de312e5..2713947 100644 --- a/modules/http2/h2_request.c +++ b/modules/http2/h2_request.c @@ -120,6 +120,7 @@ apr_status_t h2_request_rcreate(h2_request **preq, apr_pool_t *pool, req->path = path; req->headers = apr_table_make(pool, 10); req->http_status = H2_HTTP_STATUS_UNSET; + req->request_time = apr_time_now(); x.pool = pool; x.headers = req->headers; diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c index 1e560e4..5724fda 100644 --- a/modules/http2/h2_session.c +++ b/modules/http2/h2_session.c @@ -319,9 +319,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame, status = h2_stream_add_header(stream, (const char *)name, namelen, (const char *)value, valuelen); - if (status != APR_SUCCESS - && (!stream->rtmp - || stream->rtmp->http_status == H2_HTTP_STATUS_UNSET)) { + if (status != APR_SUCCESS && + (!stream->rtmp || + stream->rtmp->http_status == H2_HTTP_STATUS_UNSET || + /* We accept a certain amount of failures in order to reply + * with an informative HTTP error response like 413. But if the + * client is too wrong, we fail the request a RESET of the stream */ + stream->request_headers_failed > 100)) { return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; } return 0; diff --git a/modules/http2/h2_stream.c b/modules/http2/h2_stream.c index f6c9202..ee87555 100644 --- a/modules/http2/h2_stream.c +++ b/modules/http2/h2_stream.c @@ -813,6 +813,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream, cleanup: if (error) { + ++stream->request_headers_failed; set_error_response(stream, error); return APR_EINVAL; } diff --git a/modules/http2/h2_stream.h b/modules/http2/h2_stream.h index d68d426..405978a 100644 --- a/modules/http2/h2_stream.h +++ b/modules/http2/h2_stream.h @@ -91,6 +91,7 @@ struct h2_stream { struct h2_request *rtmp; /* request being assembled */ apr_table_t *trailers_in; /* optional, incoming trailers */ int request_headers_added; /* number of request headers added */ + int request_headers_failed; /* number of request headers failed to add */ #if AP_HAS_RESPONSE_BUCKETS ap_bucket_response *response; /* the final, non-interim response or NULL */ -- cgit v1.2.3