- From: James M Snell <jasnell@gmail.com>
- Date: Fri, 10 May 2013 16:29:00 -0700
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
See [1] and [2] for pull requests with suggested spec text dealing with this issue:

[1] https://github.com/http2/http2-spec/pull/92 (re: frame sizes)
[2] https://github.com/http2/http2-spec/pull/93 (re: security considerations)

On Thu, May 9, 2013 at 10:26 AM, James M Snell <jasnell@gmail.com> wrote:
> In going through a number of issues relating to frame sizes, I note
> that the spec currently does not deal with the issue of "overlong" or
> padded frames. That is, what happens if a frame contains more data
> than what is explicitly called for in its definition.
>
> For instance, the GOAWAY frame currently defines its payload as a
> 32-bit error code. What happens if that frame contains more than
> 32 bits? .. e.g.
>
> 00 40 07 00 00 00 00 00
> 0A BC DE FF FF FF FF FF
>
> An implementation that is not being careful could completely miss the
> extra junk bytes here. For GOAWAY it's obviously not too much of a
> concern, but the risk for abuse exists for all frames that define a
> specific structure for the payload data.
>
> Recommendation: Adding a short statement that a PROTOCOL_ERROR MUST be
> returned if a frame contains more bytes than what is expressly
> specified in the frame definition.
>
> - James
Received on Friday, 10 May 2013 23:29:47 UTC
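
The overlong-frame case from the message, as an added example that is not part of the original e-mail or of the spec text: a careless GOAWAY parser beside one that enforces the defined payload size. The 8-byte header layout and the type value 0x07 are assumptions read off the message's hex dump, the 4-byte payload follows the message's description of GOAWAY, and `ProtocolError` and the sample frames are constructed for illustration.

```python
import struct

# Assumed header layout: 16-bit length, 8-bit type, 8-bit flags, 32-bit stream field.
HEADER = struct.Struct("!HBBI")
GOAWAY = 0x07              # assumed from the type octet in the message's dump
GOAWAY_PAYLOAD_SIZE = 4    # per the message: payload is a 32-bit error code


class ProtocolError(Exception):
    """Stands in for answering the peer with PROTOCOL_ERROR."""


def split_frame(buf):
    """Return (type, payload) for the first frame in buf."""
    if len(buf) < HEADER.size:
        raise ProtocolError("truncated frame header")
    length, ftype, _flags, _stream = HEADER.unpack_from(buf)
    payload = buf[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ProtocolError("declared length exceeds bytes received")
    return ftype, payload


def parse_goaway_lenient(buf):
    """Careless parser: reads the error code and never looks at the rest."""
    _ftype, payload = split_frame(buf)
    return struct.unpack_from("!I", payload)[0]


def parse_goaway_strict(buf):
    """Rejects any payload whose size differs from the frame definition."""
    ftype, payload = split_frame(buf)
    if ftype != GOAWAY:
        raise ProtocolError("not a GOAWAY frame")
    if len(payload) != GOAWAY_PAYLOAD_SIZE:
        raise ProtocolError("GOAWAY payload is %d bytes, definition says %d"
                            % (len(payload), GOAWAY_PAYLOAD_SIZE))
    return struct.unpack("!I", payload)[0]


# Constructed samples (not taken from the message): a well-formed GOAWAY, one
# carrying 4 bytes beyond the error code, and one that is 2 bytes short.
GOOD = HEADER.pack(4, GOAWAY, 0, 0) + struct.pack("!I", 1)
OVERLONG = HEADER.pack(8, GOAWAY, 0, 0) + struct.pack("!I", 1) + b"\xff" * 4
SHORT = HEADER.pack(2, GOAWAY, 0, 0) + b"\x00\x01"
```

The lenient parser returns the same error code for `GOOD` and `OVERLONG`, so the four trailing bytes pass unnoticed; the strict parser raises on both `OVERLONG` and `SHORT`.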