Issue #9554 - changes from review

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-05-01 19:23:02 +10:00 · 2023-05-01 19:23:02 +10:00 · c2d2c1eadb
parent d0294fc10c
commit c2d2c1eadb
4 changed files with 3 additions and 23 deletions
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpTokens.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpTokens.java
@ -264,7 +264,6 @@ public class HttpTokens
        return c;
    }

-
    /**
     * Checks whether this is an invalid VCHAR based on RFC9110.
     * If this not a valid ISO-8859-1 character or a control character
--- a/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java
+++ b/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/HpackDecoder.java
@ -72,7 +72,8 @@ public class HpackDecoder
        if (LOG.isDebugEnabled())
            LOG.debug(String.format("CtxTbl[%x] decoding %d octets", _context.hashCode(), buffer.remaining()));

-        // If the buffer is big, don't even think about decoding it
+        // If the buffer is big, don't even think about decoding it.
+        // Huffman may double the size, but it will only be a temporary allocation until detected in MetaDataBuilder.emit().
        if (buffer.remaining() > _builder.getMaxSize())
            throw new HpackException.SessionException("431 Request Header Fields too large");

@ -169,7 +170,6 @@ public class HpackDecoder
                {
                    huffmanName = (buffer.get() & 0x80) == 0x80;
                    int length = integerDecode(buffer, 7);
-                    _builder.checkSize(length, huffmanName);
                    if (huffmanName)
                        name = huffmanDecode(buffer, length);
                    else
@ -210,7 +210,6 @@ public class HpackDecoder
                // decode the value
                boolean huffmanValue = (buffer.get() & 0x80) == 0x80;
                int length = integerDecode(buffer, 7);
-                _builder.checkSize(length, huffmanValue);
                if (huffmanValue)
                    value = huffmanDecode(buffer, length);
                else
--- a/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/MetaDataBuilder.java
+++ b/jetty-http2/http2-hpack/src/main/java/org/eclipse/jetty/http2/hpack/MetaDataBuilder.java
@ -280,23 +280,4 @@ public class MetaDataBuilder
            _contentLength = -1;
        }
    }
-
-    /**
-     * Check that the max size will not be exceeded.
-     *
-     * @param length the length
-     * @param huffman the huffman name
-     * @throws SessionException in case of size errors
-     */
-    public void checkSize(int length, boolean huffman) throws SessionException
-    {
-        if (length < 0)
-            throw new IllegalArgumentException();
-
-        // Apply a huffman fudge factor
-        if (huffman)
-            length = Math.multiplyExact(length, 4) / 3;
-        if (Math.addExact(_size, length) > _maxSize)
-            throw new SessionException("Header too large %d > %d", _size + length, _maxSize);
-    }
 }
--- a/jetty-http3/http3-qpack/src/main/java/org/eclipse/jetty/http3/qpack/QpackDecoder.java
+++ b/jetty-http3/http3-qpack/src/main/java/org/eclipse/jetty/http3/qpack/QpackDecoder.java
@ -136,6 +136,7 @@ public class QpackDecoder implements Dumpable
            LOG.debug("Decoding: streamId={}, buffer={}", streamId, BufferUtil.toDetailString(buffer));

        // If the buffer is big, don't even think about decoding it
+        // Huffman may double the size, but it will only be a temporary allocation until detected in MetaDataBuilder.emit().
        int maxHeaderSize = getMaxHeaderSize();
        if (buffer.remaining() > maxHeaderSize)
            throw new QpackException.SessionException(QPACK_DECOMPRESSION_FAILED, "header_too_large");