commit d28b27ce496bca321b18dbdad3cfb05d5dcdcec6
author birenroy <birenroy@google.com> Fri Oct 28 08:47:09 2022 -0700
committer Copybara-Service <copybara-worker@google.com> Fri Oct 28 08:48:06 2022 -0700
tree 2ea0b094b76d6d139b6b9bff09dd5057cf1b2144
parent 194246b3522e6bfa1f7cf3cd3ef1313fd87dfa20

Rejects WINDOW_UPDATE frames that would cause a window overflow, as per Section 6.9.1 of RFC 9113.

PiperOrigin-RevId: 484541291

quiche/http2/adapter/oghttp2_adapter_test.cc

diff --git a/quiche/http2/adapter/oghttp2_adapter_test.cc b/quiche/http2/adapter/oghttp2_adapter_test.cc
index 2ccde27..70daec0 100644
--- a/quiche/http2/adapter/oghttp2_adapter_test.cc
+++ b/quiche/http2/adapter/oghttp2_adapter_test.cc
@@ -3894,6 +3894,72 @@
   adapter->Send();
 }
 
+TEST(OgHttp2AdapterTest, WindowUpdateCausesWindowOverflow) {
+  DataSavingVisitor visitor;
+  OgHttp2Adapter::Options options;
+  options.perspective = Perspective::kServer;
+  auto adapter = OgHttp2Adapter::Create(visitor, options);
+
+  const std::string data_chunk(kDefaultFramePayloadSizeLimit, 'a');
+  const std::string request =
+      TestFrameSequence()
+          .ClientPreface()
+          .Headers(1,
+                   {{":method", "GET"},
+                    {":scheme", "https"},
+                    {":authority", "example.com"},
+                    {":path", "/"}},
+                   /*fin=*/false)
+          .WindowUpdate(1, std::numeric_limits<int>::max())
+          .Data(1, "Subsequent frames on stream 1 are not delivered.")
+          .Serialize();
+  // Client preface (empty SETTINGS)
+  EXPECT_CALL(visitor, OnFrameHeader(0, 0, SETTINGS, 0));
+  EXPECT_CALL(visitor, OnSettingsStart());
+  EXPECT_CALL(visitor, OnSettingsEnd());
+  // Stream 1
+  EXPECT_CALL(visitor, OnFrameHeader(1, _, HEADERS, 4));
+  EXPECT_CALL(visitor, OnBeginHeadersForStream(1));
+  EXPECT_CALL(visitor, OnHeaderForStream).Times(4);
+  EXPECT_CALL(visitor, OnEndHeadersForStream(1));
+
+  EXPECT_CALL(visitor, OnFrameHeader(1, 4, WINDOW_UPDATE, 0));
+
+  adapter->ProcessBytes(request);
+
+  EXPECT_TRUE(adapter->want_write());
+  EXPECT_CALL(visitor, OnBeforeFrameSent(SETTINGS, 0, 6, 0x0));
+  EXPECT_CALL(visitor, OnFrameSent(SETTINGS, 0, 6, 0x0, 0));
+
+  EXPECT_CALL(visitor, OnBeforeFrameSent(SETTINGS, 0, 0, 0x1));
+  EXPECT_CALL(visitor, OnFrameSent(SETTINGS, 0, 0, 0x1, 0));
+
+  EXPECT_CALL(visitor, OnBeforeFrameSent(RST_STREAM, 1, _, 0x0));
+  EXPECT_CALL(
+      visitor,
+      OnFrameSent(RST_STREAM, 1, _, 0x0,
+                  static_cast<int>(Http2ErrorCode::FLOW_CONTROL_ERROR)));
+  EXPECT_CALL(visitor, OnCloseStream(1, _));
+
+  adapter->Send();
+
+  const std::string window_update =
+      TestFrameSequence()
+          .WindowUpdate(0, std::numeric_limits<int>::max())
+          .Serialize();
+
+  EXPECT_CALL(visitor, OnFrameHeader(0, 4, WINDOW_UPDATE, 0));
+  EXPECT_CALL(visitor, OnConnectionError(ConnectionError::kFlowControlError));
+  adapter->ProcessBytes(window_update);
+
+  EXPECT_CALL(visitor, OnBeforeFrameSent(GOAWAY, 0, _, 0x0));
+  EXPECT_CALL(
+      visitor,
+      OnFrameSent(GOAWAY, 0, _, 0x0,
+                  static_cast<int>(Http2ErrorCode::FLOW_CONTROL_ERROR)));
+  adapter->Send();
+}
+
 TEST(OgHttp2AdapterTest, WindowUpdateRaisesFlowControlWindowLimit) {
   DataSavingVisitor visitor;
   OgHttp2Adapter::Options options;

quiche/http2/adapter/oghttp2_session.cc

diff --git a/quiche/http2/adapter/oghttp2_session.cc b/quiche/http2/adapter/oghttp2_session.cc
index bcec1cd..52c0a12 100644
--- a/quiche/http2/adapter/oghttp2_session.cc
+++ b/quiche/http2/adapter/oghttp2_session.cc
@@ -1429,6 +1429,7 @@
 
 void OgHttp2Session::OnWindowUpdate(spdy::SpdyStreamId stream_id,
                                     int delta_window_size) {
+  constexpr int kMaxWindowValue = 2147483647;  // (1 << 31) - 1
   if (stream_id == 0) {
     if (delta_window_size == 0) {
       // A PROTOCOL_ERROR, according to RFC 9113 Section 6.9.
@@ -1436,6 +1437,13 @@
                           ConnectionError::kFlowControlError);
       return;
     }
+    if (connection_send_window_ > 0 &&
+        delta_window_size > (kMaxWindowValue - connection_send_window_)) {
+      // Window overflow is a FLOW_CONTROL_ERROR.
+      LatchErrorAndNotify(Http2ErrorCode::FLOW_CONTROL_ERROR,
+                          ConnectionError::kFlowControlError);
+      return;
+    }
     connection_send_window_ += delta_window_size;
   } else {
     if (delta_window_size == 0) {
@@ -1459,6 +1467,13 @@
       if (streams_reset_.contains(stream_id)) {
         return;
       }
+      if (it->second.send_window > 0 &&
+          delta_window_size > (kMaxWindowValue - it->second.send_window)) {
+        // Window overflow is a FLOW_CONTROL_ERROR.
+        EnqueueFrame(std::make_unique<spdy::SpdyRstStreamIR>(
+            stream_id, spdy::ERROR_CODE_FLOW_CONTROL_ERROR));
+        return;
+      }
       const bool was_blocked = (it->second.send_window <= 0);
       it->second.send_window += delta_window_size;
       if (was_blocked && it->second.send_window > 0) {