Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix array out of bounds in hpack #183

Merged
merged 9 commits into from
Aug 20, 2022
Merged

Fix array out of bounds in hpack #183

merged 9 commits into from
Aug 20, 2022

Conversation

jonathanjameswatson
Copy link
Contributor

This PR stops the server from hanging when a response has a non-empty www-authenticate header.

PS: I was not able to easily run ocamlformat for this PR, so you may need to run it.

@anmonteiro
Copy link
Owner

Thank you! Could you provide more information as to how you came across this bug?

Ideally we would be able to craft a test that exposes the problem so that we don't regress in the future.

@anmonteiro
Copy link
Owner

PS: I was not able to easily run ocamlformat for this PR, so you may need to run it.

I just pushed a commit fixing this.

@jonathanjameswatson
Copy link
Contributor Author

Thank you! Could you provide more information as to how you came across this bug?

Ideally we would be able to craft a test that exposes the problem so that we don't regress in the future.

I came across this bug in a test that was trying to send a response with the www-authenticate header. I've added a test to my PR for this.

@anmonteiro
Copy link
Owner

Thanks for adding a test! I checked out the PR locally, and the fix makes sense.

I made a small modification to your patch that avoids allocating an option type when the static table entry is found.

@jonathanjameswatson
Copy link
Contributor Author

Thank you!

@anmonteiro anmonteiro merged commit e2e4aa3 into anmonteiro:master Aug 20, 2022
@anmonteiro
Copy link
Owner

Thanks again!

@jonathanjameswatson jonathanjameswatson deleted the fix-array-out-of-bounds branch August 21, 2022 13:42
@anmonteiro anmonteiro mentioned this pull request Mar 17, 2023
Merged
anmonteiro added a commit to anmonteiro/opam-repository that referenced this pull request Mar 17, 2023
@anmonteiro
[new release] hpack, h2, h2-mirage, h2-lwt, h2-lwt-unix, h2-eio and h…
e2acf10 
…2-async (0.10.0)

CHANGES:

- hpack: fix a case where hpack would raise an array out of bounds exception
  ([anmonteiro/ocaml-h2#183](anmonteiro/ocaml-h2#183))
  ([@jonathanjameswatson](https://github.com/jonathanjameswatson))
- h2: (client) handle multiple RST_STREAM frames
  ([anmonteiro/ocaml-h2#184](anmonteiro/ocaml-h2#184))
  ([@jonathanjameswatson](https://github.com/jonathanjameswatson))
- h2: (client) Fix a race condition with `~flush_headers_immediately:false` and
  empty request bodies
  ([anmonteiro/ocaml-h2#186](anmonteiro/ocaml-h2#186))
- h2: Make `H2.Reqd.error_code` part of the public interface
  ([anmonteiro/ocaml-h2#188](anmonteiro/ocaml-h2#188))
- h2: Add `~request_method` argument to `H2.Method.body_length`
  ([anmonteiro/ocaml-h2#190](anmonteiro/ocaml-h2#190))
  ([@jonathanjameswatson](https://github.com/jonathanjameswatson))
- h2: Don't send any frames on a stream after an `RST_STREAM` frame
  ([anmonteiro/ocaml-h2#187](anmonteiro/ocaml-h2#187),
  [anmonteiro/ocaml-h2#194](anmonteiro/ocaml-h2#194))
- h2: call error handler on the client if the remote peer closes the
  commmunication channel
  ([anmonteiro/ocaml-h2#177](anmonteiro/ocaml-h2#177),
  [anmonteiro/ocaml-h2#196](anmonteiro/ocaml-h2#194))
- h2: when reprioritizing a stream, respect its new priority (accounts for
  inferred default priority when a dependent stream is not in the tree
  ([RFC7540§5.3.1](https://www.rfc-editor.org/rfc/rfc7540.html#section-5.3.1)))
  ([anmonteiro/ocaml-h2#200](anmonteiro/ocaml-h2#200))
- h2: don't remove parent streams from the scheduler if they have children
  ([anmonteiro/ocaml-h2#201](anmonteiro/ocaml-h2#201))
- h2: don't schedule streams as dependencies of others marked for removal
  ([anmonteiro/ocaml-h2#205](anmonteiro/ocaml-h2#205))
- h2: revise scheduling algorithm to avoid starvation
  ([anmonteiro/ocaml-h2#199](anmonteiro/ocaml-h2#199),
  [anmonteiro/ocaml-h2#204](anmonteiro/ocaml-h2#204), reported in
  [anmonteiro/ocaml-h2#162](anmonteiro/ocaml-h2#162), thanks
  [@quernd](https://github.com/quernd))
- h2-eio: adapt to the next gluten-eio version
  ([anmonteiro/ocaml-h2#210](anmonteiro/ocaml-h2#210))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonathanjameswatson @anmonteiro