Closed cjyclaire closed 3 months ago
while there is configuration option for :settings_header_table_size https://github.com/igrigorik/http-2/blob/70a8a2eed17091e311322f28a7378bba744ad2a6/lib/http/2/connection.rb#L13
:settings_header_table_size
there is no validation upon it for coming frames https://github.com/igrigorik/http-2/blob/70a8a2eed17091e311322f28a7378bba744ad2a6/lib/http/2/connection.rb#L580
May we have validation on coming frames :settings_header_table_size value be lower or equal to the limit set by the SETTINGS_HEADER_TABLE_SIZE parameter?
https://http2.github.io/http2-spec/compression.html#encoding.context.update
closing this, as it's fixed in 1.0.0 . The patch is a bit more involved than the linked one.
while there is configuration option for
:settings_header_table_size
https://github.com/igrigorik/http-2/blob/70a8a2eed17091e311322f28a7378bba744ad2a6/lib/http/2/connection.rb#L13there is no validation upon it for coming frames https://github.com/igrigorik/http-2/blob/70a8a2eed17091e311322f28a7378bba744ad2a6/lib/http/2/connection.rb#L580
May we have validation on coming frames
:settings_header_table_size
value be lower or equal to the limit set by the SETTINGS_HEADER_TABLE_SIZE parameter?https://http2.github.io/http2-spec/compression.html#encoding.context.update