romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-16 13:26:22 +03:00
Code Issues Projects Releases Packages Wiki Activity

cf-h2-proxy: drop interim responses

Browse source 
Any 1xx response before the CONNECT final one can be dropped as no one
uses those in the HTTP/2 proxy filter. This eliminates a potential
memory exhaustion by the famous malicious server on the internet.

Closes #21626
This commit is contained in:
Stefan Eissing 2026-05-15 13:03:02 +02:00 committed by Daniel Stenberg
parent 60cd4815fd
commit 12d6d8e26f
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/cf-h2-proxy.c
View file

@ -561,7 +561,7 @@ static int proxy_h2_on_header(nghttp2_session *session,
struct http_resp *resp;
/* status: always comes first, we might get more than one response,
* link the previous ones for keepers */
* discard previous, interim responses */
result = Curl_http_decode_status(&http_status,
(const char *)value, valuelen);
if(result)
@ -569,7 +569,8 @@ static int proxy_h2_on_header(nghttp2_session *session,
result = Curl_http_resp_make(&resp, http_status, NULL);
if(result)
return NGHTTP2_ERR_CALLBACK_FAILURE;
resp->prev = ctx->tunnel.resp;
if(ctx->tunnel.resp)
Curl_http_resp_free(ctx->tunnel.resp);
ctx->tunnel.resp = resp;
CURL_TRC_CF(data, cf, "[%d] status: HTTP/2 %03d",
stream_id, ctx->tunnel.resp->status);