From 795d20081e808efaedf744db0ff07421b49f8f2f Mon Sep 17 00:00:00 2001 From: Andy Green Date: Fri, 14 Aug 2020 08:56:19 +0100 Subject: [PATCH] coverity: 232068: hpack 6-bit index may be garbage It's possible an attacker may send an illegal dynamic index we can't succeed to look up --- lib/roles/h2/hpack.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/roles/h2/hpack.c b/lib/roles/h2/hpack.c index 71adb6b7f..798b54d3b 100644 --- a/lib/roles/h2/hpack.c +++ b/lib/roles/h2/hpack.c @@ -1277,6 +1277,13 @@ fin: /* header length is determined by known index */ m = lws_token_from_index(wsi, h2n->hdr_idx, NULL, NULL, &h2n->hpack_hdr_len); + if (m < 0) + /* + * The peer may only send known 6-bit indexes, + * there's still the possibility it sends an unset + * dynamic index that we can't succeed to look up + */ + return 1; goto add_it; /* NEW literal hdr with value */ case HPKT_LITERAL_HDR_VALUE_INCR: