[Libwebsockets] empty settings frame from remote client
andy at warmcat.com
Wed Aug 26 12:17:27 CEST 2020
On 8/26/20 10:50 AM, Marek 'MMx' Ludha wrote:
> I believe there's a bug here:
> (also in master:
> This line disallows remote clients to send a Settings frame with length
> 0 without ACK flag set. I didn't find any mention in the RFC that this
> should be an error. On the contrary, it explicitly allows for empty
> Settings frame after client preface: "This sequence ["PRI *
> HTTP/2.0\r\n\r\nSM\r\n\r\n"] MUST be followed by a SETTINGS frame
> (Section 6.5), which MAY be empty."
> Is there any intention behind this check or do you consider it a bug?
The only intention was to be paranoid about what was coming in... but as
you point out the spec is telling that is allowed.
I pushed a patch on master and v4.0-stable removing the check.
> Marek Ludha
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
More information about the Libwebsockets