Closed Bug 718210 Opened 8 years ago Closed 8 years ago

spdy hdr decompress context screwed up by server push

Categories

(Core :: Networking: HTTP, defect)

x86_64
Linux
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla12
Tracking Status
firefox10 --- unaffected
firefox11 --- affected
firefox12 --- fixed

People

(Reporter: mcmanus, Assigned: mcmanus)

Details

(Whiteboard: [qa?])

Attachments

(1 file)

node-spdy is the first backend to implement server push. right now we rst any pushed streams, but we need to decompress the headers in those push frames so that the decompress context stays in sync with the sender. confirmed that interop continues with the patch attached to this bug.
Attached patch patch 0Splinter Review
Hi honza, this is an interop issue so I'd like to expedite it to whatever extent possible.. might even nom for aurora.
Assignee: nobody → mcmanus
Status: NEW → ASSIGNED
Attachment #588668 - Flags: review?(honzab.moz)
Btw, supporting push streams would be cool feature too :)
(In reply to Fedor Indutny from comment #2)
> Btw, supporting push streams would be cool feature too :)

yes - just a few things to sort out to make sure there isn't room for cache poisoning attacks and so on..
Comment on attachment 588668 [details] [diff] [review]
patch 0

Review of attachment 588668 [details] [diff] [review]:
-----------------------------------------------------------------

Ups.. I didn't catch this even during the review (almost done by this time, btw).

r=honzab

For channel drivers: this is patch for a bug in a feature that is by default pref'ed off but people out there are testing it by manually pref'ing it on (including my self).  So it would be helpful and harmless to land it on aurora as well.

::: netwerk/protocol/http/SpdySession.cpp
@@ +776,5 @@
>  {
>    NS_ABORT_IF_FALSE(self->mFrameControlType == CONTROL_TYPE_SYN_STREAM,
>                      "wrong control type");
>    
> +  if (self->mFrameDataSize < 18) {

Hmm.. a bug in the spec apparently.
Attachment #588668 - Flags: review?(honzab.moz)
Attachment #588668 - Flags: review+
Attachment #588668 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/59cb54c6dfe1
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Version: 11 Branch → Trunk
Target Milestone: --- → mozilla12
Attachment #588668 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Is this something QA can verify?
Whiteboard: [qa?]
You need to log in before you can comment on or make changes to this bug.