author | John Thacker <johnthacker@gmail.com> | 2023-12-05 22:43:26 -0500 |
---|---|---|
committer | John Thacker <johnthacker@gmail.com> | 2023-12-07 00:47:26 +0000 |
commit | 577cc97f322d5df60a1215061aa8dc4aa2a0f75b (patch) | |
tree | 82b95f67199b5d9c744baf7cf71f7a721d68c499 /file_packet_provider.c | |
parent | 62529defd3b27469d73a23d69941c7579545b935 (diff) |
HTTP3: Improve QPACK dissection split across packets, prevent crash

Pass the tvbuff and offset into read_qpack_prefixed_integer
instead of raw pointers, and call tvb_get_ptr before doing
the pointer arithmetic. This throws a ReportedBoundsError if
we're trying to get something at an illegal offset, instead of
crashing.

Catch the ReportedBoundsError there and when adding the opcode
to the tree in order to break out of the loop instead of having
malformed packets and failing to pass information to the qpack
decoder.

Pass the entire stream buffer to the nghttp3 qpack decoder,
not just what is decoded; it saves state and doing so is
necessary in order to handle QPACK instructions that are split
across QUIC packet boundaries.

We don't properly put the QPACK information into the proto
tree when it's split across boundaries still, but it at least
is processed by the decoder so that the HEADERS are now properly
displayed.

The QPACK information is also still passed to the decoder every time
a packet is dissected, which eventually results in the decoder erring
out (especially with random packet access.)

Fix #19502. Related to #19475.

Diffstat (limited to 'file_packet_provider.c')
0 files changed, 0 insertions, 0 deletions
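
The bounds-checking idea in the commit message, as an added stand-alone example (not code from this commit, Wireshark or nghttp3): a prefixed-integer reader that takes a buffer, its length and an offset, checks every read against the length, and reports a truncated integer as a distinct status so a caller can wait for the rest of the stream. The names `read_prefixed_int` and `pi_status` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; not Wireshark or nghttp3 API. */
enum pi_status { PI_OK, PI_TRUNCATED, PI_OVERFLOW, PI_BAD_ARG };

/* Decode an RFC 7541 section 5.1 prefixed integer at buf[offset], where only
 * `len` bytes of buf are valid. Every read is preceded by a bounds check. */
enum pi_status read_prefixed_int(const uint8_t *buf, size_t len, size_t offset,
        unsigned prefix_bits, uint64_t *value, size_t *consumed)
{
    if (prefix_bits < 1 || prefix_bits > 8)
        return PI_BAD_ARG;
    if (offset >= len)                 /* nothing readable at this offset */
        return PI_TRUNCATED;

    const uint64_t mask = (1u << prefix_bits) - 1;
    uint64_t v = buf[offset] & mask;
    size_t pos = offset + 1;

    if (v == mask) {                   /* value continues in 7-bit groups */
        unsigned shift = 0;
        uint8_t b;
        do {
            if (shift > 56)            /* refuse before uint64_t can wrap */
                return PI_OVERFLOW;
            if (pos >= len)            /* integer split across buffers */
                return PI_TRUNCATED;
            b = buf[pos++];
            v += (uint64_t)(b & 0x7f) << shift;
            shift += 7;
        } while (b & 0x80);
    }
    *value = v;
    *consumed = pos - offset;
    return PI_OK;
}

int main(void)
{
    /* Constructed sample: 1337 with a 5-bit prefix (RFC 7541 C.1.2). */
    static const uint8_t sample[] = { 0x1f, 0x9a, 0x0a };
    uint64_t v = 0; size_t n = 0;
    /* Only the first two bytes have arrived: reported, never over-read. */
    printf("partial: %d\n", read_prefixed_int(sample, 2, 0, 5, &v, &n));
    printf("full: %d\n", read_prefixed_int(sample, 3, 0, 5, &v, &n));
    printf("value=%llu consumed=%zu\n", (unsigned long long)v, n);
    return 0;
}
```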