coverity: 232068: hpack 6-bit index may be garbage

It's possible an attacker may send an illegal dynamic index we can't succeed to look up
2025-03-16 00:00:07 +01:00 · 2020-08-14 08:56:19 +01:00 · 2020-08-14 08:56:19 +01:00 · 795d20081e
commit 795d20081e
parent ecb8de3386
1 changed files with 7 additions and 0 deletions
--- a/lib/roles/h2/hpack.c
+++ b/lib/roles/h2/hpack.c
@ -1277,6 +1277,13 @@ fin:
 			/* header length is determined by known index */
 			m = lws_token_from_index(wsi, h2n->hdr_idx, NULL, NULL,
 					&h2n->hpack_hdr_len);
+			if (m < 0)
+				/*
+				 * The peer may only send known 6-bit indexes,
+				 * there's still the possibility it sends an unset
+				 * dynamic index that we can't succeed to look up
+				 */
+				return 1;
 			goto add_it;
 		/* NEW literal hdr with value */
 		case HPKT_LITERAL_HDR_VALUE_INCR: