From 68d17643f5df467c634adc49f85306451f7668fc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 20 Jul 2015 21:35:15 +0200 Subject: [PATCH] http2: add stream != NULL checks for reliability They should not trigger, but in case of internal problems we at least avoid crashes this way. --- lib/http2.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/lib/http2.c b/lib/http2.c index fc0d5de91..0ac9c4b12 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -316,6 +316,11 @@ static int push_promise(struct SessionHandle *data, DEBUGF(infof(data, "Got PUSH_PROMISE, ask application!\n")); stream = data->req.protop; + if(!stream) { + failf(data, "Internal NULL stream!\n"); + rv = 1; + goto fail; + } rv = data->multi->push_cb(data, newhandle, stream->push_headers_used, &heads, @@ -391,6 +396,10 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, return NGHTTP2_ERR_CALLBACK_FAILURE; } stream = data_s->req.protop; + if(!stream) { + failf(conn->data, "Internal NULL stream! 2\n"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } } else /* we do nothing on stream zero */ @@ -529,6 +538,10 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, return NGHTTP2_ERR_CALLBACK_FAILURE; } stream = data_s->req.protop; + if(!stream) { + failf(conn->data, "Internal NULL stream! 3\n"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } nread = MIN(stream->len, len); memcpy(&stream->mem[stream->memlen], data, nread); @@ -617,6 +630,10 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, return 0; } stream = data_s->req.protop; + if(!stream) { + failf(conn->data, "Internal NULL stream! 4\n"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } stream->error_code = error_code; stream->closed = TRUE; @@ -695,6 +712,10 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, return NGHTTP2_ERR_CALLBACK_FAILURE; } stream = data_s->req.protop; + if(!stream) { + failf(conn->data, "Internal NULL stream! 5\n"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } if(stream->bodystarted) /* Ignore trailer or HEADERS not mapped to HTTP semantics. The @@ -793,6 +814,10 @@ static ssize_t data_source_read_callback(nghttp2_session *session, return NGHTTP2_ERR_CALLBACK_FAILURE; } stream = data_s->req.protop; + if(!stream) { + failf(conn->data, "Internal NULL stream! 6\n"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } } else { failf(conn->data, "nghttp2 confusion"); -- 2.40.0