HTTP/3: limited prefixed integers encoded length.

Similar to ngx_http_v2_module, the implementation limit is now set to 4 bytes length, see NGX_HTTP_V2_INT_OCTETS in ngx_http_v2_parse_int(). For example, this limits a maximum integer value encoded with a 7-bit prefix to 2097278, with similar limits using other prefixes.
2024-11-21 16:28:40 +00:00 · 2024-09-05 19:35:43 +04:00 · 2024-09-05 19:35:43 +04:00 · bd4b251bbc
commit bd4b251bbc
parent 042b9cc4db
1 changed files with 1 additions and 3 deletions
--- a/src/http/v3/ngx_http_v3_parse.c
+++ b/src/http/v3/ngx_http_v3_parse.c
@ -217,9 +217,7 @@ ngx_http_v3_parse_prefix_int(ngx_connection_t *c,

            st->value += (uint64_t) (ch & 0x7f) << st->shift;

-            if (st->shift == 56
-                && ((ch & 0x80) || (st->value & 0xc000000000000000)))
-            {
+            if (st->shift == 21) {
                ngx_log_error(NGX_LOG_INFO, c->log, 0,
                              "client exceeded integer size limit");
                return NGX_HTTP_V3_ERR_EXCESSIVE_LOAD;