[Libwebsockets] empty settings frame from remote client
Andy Green
andy at warmcat.com
Wed Aug 26 12:17:27 CEST 2020
On 8/26/20 10:50 AM, Marek 'MMx' Ludha wrote:
> Hi.
>
> I believe there's a bug here:
> https://libwebsockets.org/git/libwebsockets/tree/lib/roles/h2/http2.c?h=v4.0-stable#n1109
> (also in master:
> https://libwebsockets.org/git/libwebsockets/tree/lib/roles/h2/http2.c#n1119)
> This line disallows remote clients to send a Settings frame with length
> 0 without ACK flag set. I didn't find any mention in the RFC that this
> should be an error. On the contrary, it explicitly allows for empty
> Settings frame after client preface: "This sequence ["PRI *
> HTTP/2.0\r\n\r\nSM\r\n\r\n"] MUST be followed by a SETTINGS frame
> (Section 6.5), which MAY be empty."
> (https://tools.ietf.org/html/rfc7540#section-3.5).
>
> Is there any intention behind this check or do you consider it a bug?
The only intention was to be paranoid about what was coming in... but as
you point out the spec is telling that is allowed.
I pushed a patch on master and v4.0-stable removing the check.
-Andy
> Regards,
> Marek Ludha
>
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> https://libwebsockets.org/mailman/listinfo/libwebsockets
>
More information about the Libwebsockets
mailing list