HoneyryderChuck
commented
3 months ago closing this, as it's fixed in 1.0.0 . The patch is a bit more involved than the linked one.
Closed cjyclaire closed 3 months ago
HoneyryderChuck
commented
3 months ago closing this, as it's fixed in 1.0.0 . The patch is a bit more involved than the linked one.
while there is configuration option for
:settings_header_table_sizehttps://github.com/igrigorik/http-2/blob/70a8a2eed17091e311322f28a7378bba744ad2a6/lib/http/2/connection.rb#L13there is no validation upon it for coming frames https://github.com/igrigorik/http-2/blob/70a8a2eed17091e311322f28a7378bba744ad2a6/lib/http/2/connection.rb#L580
May we have validation on coming frames
:settings_header_table_sizevalue be lower or equal to the limit set by the SETTINGS_HEADER_TABLE_SIZE parameter?https://http2.github.io/http2-spec/compression.html#encoding.context.update