From 714a9204b3183fe622dfbda0fa79e3155e13a89f Mon Sep 17 00:00:00 2001
From: Ludovic Orban <lorban@bitronix.be>
Date: Tue, 9 Jun 2020 16:59:49 +0200
Subject: [PATCH]  #4855 fix race condition that can sometimes make H2 stream
 send an improper reset with cancel error code instead of protocol error code
 when the client sends more data than the content-length header specifies

Signed-off-by: Ludovic Orban <lorban@bitronix.be>
---
 .../src/main/java/org/eclipse/jetty/http2/HTTP2Stream.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jetty-http2/http2-common/src/main/java/org/eclipse/jetty/http2/HTTP2Stream.java b/jetty-http2/http2-common/src/main/java/org/eclipse/jetty/http2/HTTP2Stream.java
index f8360ab0d09..3262d94e9a5 100644
--- a/jetty-http2/http2-common/src/main/java/org/eclipse/jetty/http2/HTTP2Stream.java
+++ b/jetty-http2/http2-common/src/main/java/org/eclipse/jetty/http2/HTTP2Stream.java
@@ -320,7 +320,7 @@ public class HTTP2Stream extends IdleTimeout implements IStream, Callback, Dumpa
         if (dataLength != Long.MIN_VALUE)
         {
             dataLength -= frame.remaining();
-            if (frame.isEndStream() && dataLength != 0)
+            if (dataLength < 0 || (frame.isEndStream() && dataLength != 0))
             {
                 reset(new ResetFrame(streamId, ErrorCode.PROTOCOL_ERROR.code), Callback.NOOP);
                 callback.failed(new IOException("invalid_data_length"));