diff options
| -rw-r--r-- | net/spdy/spdy_framer.cc | 141 | ||||
| -rw-r--r-- | net/spdy/spdy_framer.h | 10 |
2 files changed, 74 insertions, 77 deletions
diff --git a/net/spdy/spdy_framer.cc b/net/spdy/spdy_framer.cc index 4d4a25f..1a72f35 100644 --- a/net/spdy/spdy_framer.cc +++ b/net/spdy/spdy_framer.cc @@ -56,6 +56,8 @@ bool g_enable_compression_default = true; } // namespace +const int SpdyFramer::kMinSpdyVersion = 2; +const int SpdyFramer::kMaxSpdyVersion = 3; const SpdyStreamId SpdyFramer::kInvalidStream = -1; const size_t SpdyFramer::kHeaderDataChunkMaxSize = 1024; const size_t SpdyFramer::kControlFrameBufferSize = @@ -120,15 +122,14 @@ SpdyFramer::SpdyFramer(int version) remaining_control_header_(0), current_frame_buffer_(new char[kControlFrameBufferSize]), current_frame_len_(0), - validate_control_frame_sizes_(true), enable_compression_(g_enable_compression_default), visitor_(NULL), display_protocol_("SPDY"), spdy_version_(version), syn_frame_processed_(false), probable_http_response_(false) { - DCHECK_GE(3, version); - DCHECK_LE(2, version); + DCHECK_GE(kMaxSpdyVersion, version); + DCHECK_LE(kMinSpdyVersion, version); } SpdyFramer::~SpdyFramer() { @@ -442,75 +443,73 @@ void SpdyFramer::ProcessControlFrameHeader() { return; } - if (validate_control_frame_sizes_) { - // Do some sanity checking on the control frame sizes. - switch (current_control_frame.type()) { - case SYN_STREAM: - if (current_control_frame.length() < - SpdySynStreamControlFrame::size() - SpdyControlFrame::kHeaderSize) - set_error(SPDY_INVALID_CONTROL_FRAME); - break; - case SYN_REPLY: - if (current_control_frame.length() < - SpdySynReplyControlFrame::size() - SpdyControlFrame::kHeaderSize) - set_error(SPDY_INVALID_CONTROL_FRAME); - break; - case RST_STREAM: - if (current_control_frame.length() != - SpdyRstStreamControlFrame::size() - SpdyFrame::kHeaderSize) - set_error(SPDY_INVALID_CONTROL_FRAME); - break; - case SETTINGS: - // Make sure that we have an integral number of 8-byte key/value pairs, - // plus a 4-byte length field. - if (current_control_frame.length() < - SpdySettingsControlFrame::size() - SpdyControlFrame::kHeaderSize || - (current_control_frame.length() % 8 != 4)) { - DLOG(WARNING) << "Invalid length for SETTINGS frame: " - << current_control_frame.length(); - set_error(SPDY_INVALID_CONTROL_FRAME); - } - break; - case GOAWAY: - { - // SPDY 2 GOAWAY frames are 4 bytes smaller than in SPDY 3. We account - // for this difference via a separate offset variable, since - // SpdyGoAwayControlFrame::size() returns the SPDY 3 size. - const size_t goaway_offset = (protocol_version() < 3) ? 4 : 0; - if (current_control_frame.length() + goaway_offset != - SpdyGoAwayControlFrame::size() - SpdyFrame::kHeaderSize) - set_error(SPDY_INVALID_CONTROL_FRAME); - break; - } - case HEADERS: - if (current_control_frame.length() < - SpdyHeadersControlFrame::size() - SpdyControlFrame::kHeaderSize) - set_error(SPDY_INVALID_CONTROL_FRAME); - break; - case WINDOW_UPDATE: - if (current_control_frame.length() != - SpdyWindowUpdateControlFrame::size() - - SpdyControlFrame::kHeaderSize) - set_error(SPDY_INVALID_CONTROL_FRAME); - break; - case PING: - if (current_control_frame.length() != - SpdyPingControlFrame::size() - SpdyControlFrame::kHeaderSize) - set_error(SPDY_INVALID_CONTROL_FRAME); - break; - case CREDENTIAL: - if (current_control_frame.length() < - SpdyCredentialControlFrame::size() - SpdyControlFrame::kHeaderSize) + // Do some sanity checking on the control frame sizes. + switch (current_control_frame.type()) { + case SYN_STREAM: + if (current_control_frame.length() < + SpdySynStreamControlFrame::size() - SpdyControlFrame::kHeaderSize) + set_error(SPDY_INVALID_CONTROL_FRAME); + break; + case SYN_REPLY: + if (current_control_frame.length() < + SpdySynReplyControlFrame::size() - SpdyControlFrame::kHeaderSize) + set_error(SPDY_INVALID_CONTROL_FRAME); + break; + case RST_STREAM: + if (current_control_frame.length() != + SpdyRstStreamControlFrame::size() - SpdyFrame::kHeaderSize) + set_error(SPDY_INVALID_CONTROL_FRAME); + break; + case SETTINGS: + // Make sure that we have an integral number of 8-byte key/value pairs, + // plus a 4-byte length field. + if (current_control_frame.length() < + SpdySettingsControlFrame::size() - SpdyControlFrame::kHeaderSize || + (current_control_frame.length() % 8 != 4)) { + DLOG(WARNING) << "Invalid length for SETTINGS frame: " + << current_control_frame.length(); + set_error(SPDY_INVALID_CONTROL_FRAME); + } + break; + case GOAWAY: + { + // SPDY 2 GOAWAY frames are 4 bytes smaller than in SPDY 3. We account + // for this difference via a separate offset variable, since + // SpdyGoAwayControlFrame::size() returns the SPDY 3 size. + const size_t goaway_offset = (protocol_version() < 3) ? 4 : 0; + if (current_control_frame.length() + goaway_offset != + SpdyGoAwayControlFrame::size() - SpdyFrame::kHeaderSize) set_error(SPDY_INVALID_CONTROL_FRAME); break; - default: - LOG(WARNING) << "Valid " << display_protocol_ - << " control frame with unhandled type: " - << current_control_frame.type(); - DCHECK(false); + } + case HEADERS: + if (current_control_frame.length() < + SpdyHeadersControlFrame::size() - SpdyControlFrame::kHeaderSize) set_error(SPDY_INVALID_CONTROL_FRAME); - break; - } + break; + case WINDOW_UPDATE: + if (current_control_frame.length() != + SpdyWindowUpdateControlFrame::size() - + SpdyControlFrame::kHeaderSize) + set_error(SPDY_INVALID_CONTROL_FRAME); + break; + case PING: + if (current_control_frame.length() != + SpdyPingControlFrame::size() - SpdyControlFrame::kHeaderSize) + set_error(SPDY_INVALID_CONTROL_FRAME); + break; + case CREDENTIAL: + if (current_control_frame.length() < + SpdyCredentialControlFrame::size() - SpdyControlFrame::kHeaderSize) + set_error(SPDY_INVALID_CONTROL_FRAME); + break; + default: + LOG(WARNING) << "Valid " << display_protocol_ + << " control frame with unhandled type: " + << current_control_frame.type(); + DCHECK(false); + set_error(SPDY_INVALID_CONTROL_FRAME); + break; } remaining_control_payload_ = current_control_frame.length(); @@ -1723,10 +1722,6 @@ void SpdyFramer::set_enable_compression(bool value) { enable_compression_ = value; } -void SpdyFramer::set_validate_control_frame_sizes(bool value) { - validate_control_frame_sizes_ = value; -} - void SpdyFramer::set_enable_compression_default(bool value) { g_enable_compression_default = value; } diff --git a/net/spdy/spdy_framer.h b/net/spdy/spdy_framer.h index d98f253a..cf2937c 100644 --- a/net/spdy/spdy_framer.h +++ b/net/spdy/spdy_framer.h @@ -220,6 +220,12 @@ class NET_EXPORT_PRIVATE SpdyFramer { LAST_ERROR, // Must be the last entry in the enum. }; + // The minimum supported SPDY version that SpdyFramer can speak. + static const int kMinSpdyVersion; + + // The maximum supported SPDY version that SpdyFramer can speak. + static const int kMaxSpdyVersion; + // Constant for invalid (or unknown) stream IDs. static const SpdyStreamId kInvalidStream; @@ -393,9 +399,6 @@ class NET_EXPORT_PRIVATE SpdyFramer { // For ease of testing and experimentation we can tweak compression on/off. void set_enable_compression(bool value); - // SPDY will by default validate the length of incoming control - // frames. Set validation to false if you do not want this behavior. - void set_validate_control_frame_sizes(bool value); static void set_enable_compression_default(bool value); // Used only in log messages. @@ -546,7 +549,6 @@ class NET_EXPORT_PRIVATE SpdyFramer { // current_frame_buffer_. SpdySettingsScratch settings_scratch_; - bool validate_control_frame_sizes_; bool enable_compression_; // Controls all compression // SPDY header compressors. scoped_ptr<z_stream> header_compressor_; |