[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 22/151: quiche: reject headers in the wrong order
From: |
gnunet |
Subject: |
[gnurl] 22/151: quiche: reject headers in the wrong order |
Date: |
Fri, 20 Dec 2019 14:25:31 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit b3eb7d172aab6c7f423aea2f97c27099d6b65f7a
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Nov 11 09:56:23 2019 +0100
quiche: reject headers in the wrong order
Pseudo header MUST come before regular headers or cause an error.
Reported-by: Cynthia Coan
Fixes #4571
Closes #4584
---
docs/libcurl/symbols-in-versions | 1 +
include/curl/curl.h | 4 +++-
lib/strerror.c | 4 +++-
lib/vquic/quiche.c | 7 ++++++-
tests/data/test1538 | 2 +-
5 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index bf23b4488..c7dadea19 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -84,6 +84,7 @@ CURLE_FUNCTION_NOT_FOUND 7.1
CURLE_GOT_NOTHING 7.9.1
CURLE_HTTP2 7.38.0
CURLE_HTTP2_STREAM 7.49.0
+CURLE_HTTP3 7.68.0
CURLE_HTTP_NOT_FOUND 7.1
CURLE_HTTP_PORT_FAILED 7.3 7.12.0
CURLE_HTTP_POST_ERROR 7.1
diff --git a/include/curl/curl.h b/include/curl/curl.h
index dcbe8995c..8c43fa884 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -501,7 +501,9 @@ typedef enum {
CURLE_FTP_COULDNT_SET_TYPE, /* 17 */
CURLE_PARTIAL_FILE, /* 18 */
CURLE_FTP_COULDNT_RETR_FILE, /* 19 */
- CURLE_OBSOLETE20, /* 20 - NOT USED */
+ CURLE_HTTP3, /* 20 - An HTTP/3 layer problem.
+ [was obsoleted in August 2007 for 7.17.0,
+ reused in November 2019 for 7.67.1] */
CURLE_QUOTE_ERROR, /* 21 - quote command failure */
CURLE_HTTP_RETURNED_ERROR, /* 22 */
CURLE_WRITE_ERROR, /* 23 */
diff --git a/lib/strerror.c b/lib/strerror.c
index 7aaa9f4a7..90e8a3131 100644
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -314,8 +314,10 @@ curl_easy_strerror(CURLcode error)
case CURLE_AUTH_ERROR:
return "An authentication function returned an error";
+ case CURLE_HTTP3:
+ return "HTTP/3 error";
+
/* error codes not used by current libcurl */
- case CURLE_OBSOLETE20:
case CURLE_OBSOLETE24:
case CURLE_OBSOLETE29:
case CURLE_OBSOLETE32:
diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c
index 0ee360d07..6f9a72579 100644
--- a/lib/vquic/quiche.c
+++ b/lib/vquic/quiche.c
@@ -379,6 +379,9 @@ static int cb_each_header(uint8_t *name, size_t name_len,
headers->destlen, "HTTP/3 %.*s\n",
(int) value_len, value);
}
+ else if(!headers->nlen) {
+ return CURLE_HTTP3;
+ }
else {
msnprintf(headers->dest,
headers->destlen, "%.*s: %.*s\n",
@@ -433,7 +436,9 @@ static ssize_t h3_stream_recv(struct connectdata *conn,
case QUICHE_H3_EVENT_HEADERS:
rc = quiche_h3_event_for_each_header(ev, cb_each_header, &headers);
if(rc) {
- /* what do we do about this? */
+ *curlcode = rc;
+ failf(data, "Error in HTTP/3 response header");
+ break;
}
recvd = headers.nlen;
break;
diff --git a/tests/data/test1538 b/tests/data/test1538
index 9374debb7..d59671d2a 100644
--- a/tests/data/test1538
+++ b/tests/data/test1538
@@ -52,7 +52,7 @@ e16: Error in the HTTP2 framing layer
e17: FTP: couldn't set file type
e18: Transferred a partial file
e19: FTP: couldn't retrieve (RETR failed) the specified file
-e20: Unknown error
+e20: HTTP/3 error
e21: Quote command returned error
e22: HTTP response code said error
e23: Failed writing received data to disk/application
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] branch master updated (70745a841 -> 486ada36f), gnunet, 2019/12/20
- [gnurl] 02/151: build: fix for CURL_DISABLE_DOH, gnunet, 2019/12/20
- [gnurl] 06/151: mailmap: fixup Massimiliano Fantuzzi, gnunet, 2019/12/20
- [gnurl] 05/151: scripts/contributors: make committers get included too, gnunet, 2019/12/20
- [gnurl] 04/151: configure: fix typo in help text, gnunet, 2019/12/20
- [gnurl] 10/151: checksrc: repair the copyrightyear check, gnunet, 2019/12/20
- [gnurl] 11/151: test1560: require IPv6 for IPv6 aware URL parsing, gnunet, 2019/12/20
- [gnurl] 03/151: ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set, gnunet, 2019/12/20
- [gnurl] 07/151: curlver: bump to 7.67.1, gnunet, 2019/12/20
- [gnurl] 01/151: configure: avoid unportable `==' test(1) operator, gnunet, 2019/12/20
- [gnurl] 22/151: quiche: reject headers in the wrong order,
gnunet <=
- [gnurl] 13/151: TODO: Run web-platform-tests url tests, gnunet, 2019/12/20
- [gnurl] 16/151: strerror: Fix an error looking up some Windows error strings, gnunet, 2019/12/20
- [gnurl] 21/151: openssl: prevent recursive function calls from ctx callbacks, gnunet, 2019/12/20
- [gnurl] 18/151: test1558: use double slash after file:, gnunet, 2019/12/20
- [gnurl] 12/151: TODO: 1.4 alt-svc sharing, gnunet, 2019/12/20
- [gnurl] 19/151: remove_handle: clear expire timers after multi_done(), gnunet, 2019/12/20
- [gnurl] 15/151: system.h: fix for MCST lcc compiler, gnunet, 2019/12/20
- [gnurl] 08/151: RELEASE-NOTES: synced, gnunet, 2019/12/20
- [gnurl] 24/151: curl: fix -T globbing, gnunet, 2019/12/20
- [gnurl] 20/151: CURL-DISABLE: initial docs for the CURL_DISABLE_* defines, gnunet, 2019/12/20