From 4ac6d3733307965201db7ebbd886ab3492239e88 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Mon, 14 Feb 2022 14:38:55 +0100 Subject: [PATCH] BUG/MINOR: h3: fix the header length for QPACK decoding Pass the H3 frame length to QPACK decoding instead of the length of the whole buffer. Without this fix, if there is multiple H3 frames starting with a HEADERS, QPACK decoding will be erroneously applied over all of them, most probably leading to a decoding error. --- src/h3.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/h3.c b/src/h3.c index 2e4a64c85..e68665bb3 100644 --- a/src/h3.c +++ b/src/h3.c @@ -134,14 +134,13 @@ static int h3_decode_qcs(struct qcs *qcs, int fin, void *ctx) case H3_FT_HEADERS: { const unsigned char *buf = (const unsigned char *)b_head(rxbuf); - size_t len = b_data(rxbuf); struct buffer htx_buf = BUF_NULL; struct buffer *tmp = get_trash_chunk(); struct ist meth = IST_NULL, path = IST_NULL; //struct ist scheme = IST_NULL, authority = IST_NULL; struct ist authority = IST_NULL; - if (qpack_decode_fs(buf, len, tmp, list) < 0) { + if (qpack_decode_fs(buf, flen, tmp, list) < 0) { h3->err = QPACK_DECOMPRESSION_FAILED; return -1; }