http2: Don't pass unitialized name+len pairs to nghttp2_submit_request

bug introduced by 1869164293.

Closes #493
This commit is contained in:
Anders Bakken
2015-10-16 11:51:12 -07:00
committed by Daniel Stenberg
parent 3fde8a4971
commit 2b98cb57c4

View File

@@ -1290,14 +1290,19 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
authority_idx = 0; authority_idx = 0;
for(i = 3; i < nheader; ++i) { i = 3;
while(i < nheader) {
size_t hlen; size_t hlen;
int skip = 0;
end = strchr(hdbuf, ':'); end = strchr(hdbuf, ':');
if(!end) if(!end)
goto fail; goto fail;
hlen = end - hdbuf; hlen = end - hdbuf;
if(hlen == 10 && Curl_raw_nequal("connection", hdbuf, 10)) if(hlen == 10 && Curl_raw_nequal("connection", hdbuf, 10)) {
; /* skip Connection: headers! */ /* skip Connection: headers! */
skip = 1;
--nheader;
}
else if(hlen == 4 && Curl_raw_nequal("host", hdbuf, 4)) { else if(hlen == 4 && Curl_raw_nequal("host", hdbuf, 4)) {
authority_idx = i; authority_idx = i;
nva[i].name = (unsigned char *)":authority"; nva[i].name = (unsigned char *)":authority";
@@ -1312,11 +1317,10 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
end = strchr(hdbuf, 0x0d); end = strchr(hdbuf, 0x0d);
if(!end) if(!end)
goto fail; goto fail;
if(!skip) {
nva[i].value = (unsigned char *)hdbuf; nva[i].value = (unsigned char *)hdbuf;
nva[i].valuelen = (uint16_t)(end - hdbuf); nva[i].valuelen = (uint16_t)(end - hdbuf);
nva[i].flags = NGHTTP2_NV_FLAG_NONE; nva[i].flags = NGHTTP2_NV_FLAG_NONE;
hdbuf = end + 2;
/* Inspect Content-Length header field and retrieve the request /* Inspect Content-Length header field and retrieve the request
entity length so that we can set END_STREAM to the last DATA entity length so that we can set END_STREAM to the last DATA
frame. */ frame. */
@@ -1333,6 +1337,9 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
CURL_FORMAT_CURL_OFF_T CURL_FORMAT_CURL_OFF_T
"\n", stream->upload_left)); "\n", stream->upload_left));
} }
++i;
}
hdbuf = end + 2;
} }
/* :authority must come before non-pseudo header fields */ /* :authority must come before non-pseudo header fields */
@@ -1391,7 +1398,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
return len; return len;
fail: fail:
free(nva); free(nva);
*err = CURLE_SEND_ERROR; *err = CURLE_SEND_ERROR;
return -1; return -1;