W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2013

Re: Design Issue: Overlong Frames

From: James M Snell <jasnell@gmail.com>
Date: Fri, 10 May 2013 16:29:00 -0700
Message-ID: <CABP7Rbc9whm3quCKO3EA3kg-BTCetLz4D0PYXoiepEjUKESueg@mail.gmail.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
See: [1] and [2] for pull requests with suggested spec text dealing
with this issue:

[1] https://github.com/http2/http2-spec/pull/92 (re: frame sizes)
[2] https://github.com/http2/http2-spec/pull/93 (re: security considerations)

On Thu, May 9, 2013 at 10:26 AM, James M Snell <jasnell@gmail.com> wrote:
> In going through a number of issues relating to frame sizes, I note
> that the spec currently does not deal with the issue of "overlong" or
> padded frames. That is, what happens if a frame contains more data
> than what is explicitly called for in it's definition.
>
> For instance, the GOAWAY frame currently defines it's payload as a
> 32-bit error code. What happens if that frame contains more than
> 32-bits? .. e.g.
>
>   00 40 07 00 00 00 00 00
>   0A BC DE FF FF FF FF FF
>
> An implementation that is not being careful could completely miss the
> extra junk bytes here. For GOAWAY it's obviously not too much of a
> concern, but the risk for abuse exists for all frames that define a
> specific structure for the payload data.
>
> Recommendation: Adding a short statement that a PROTOCOL_ERROR MUST be
> returned if a frame contains more bytes than what is expressly
> specified in the frame definition.
>
> - James
Received on Friday, 10 May 2013 23:29:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:13 UTC