size check on `WINDOW_UPDATE` frame

MangoIV commented 5 months ago

Hi! I have a question, as follows:

receiving a FrameWindowUpdate (which I assume corresponds to https://datatracker.ietf.org/doc/html/rfc9113#name-window_update) triggers an increaseStreamWindowSize strm n

increaseStreamWindowSize strm n does the following check:

w <- txWindowSize <$> readTVarIO tvar
when (isWindowOverflow w) $ do
    let msg = fromString ("window update for stream " ++ show sid ++ " is overflow")
        err =
            if isControl sid
                then ConnectionErrorIsSent
                else StreamErrorIsSent
    E.throwIO $ err FlowControlError sid msg

this raises following question:
- RFC 9113 specifies
  
  The legal range for the increment to the flow-control window is 1 to 231-1 (2,147,483,647) octets.
so I would expect there to be a check on the legal range, i.e. a guard on the n which is the actual size of the increment, no?

edit: it appears decodeWindowUpdateFrame does this.

Thanks in advance!

MangoIV commented 5 months ago

mmh, it appears the guard is justified by

A sender MUST NOT allow a flow-control window to exceed 231-1 octets. If a sender receives a WINDOW_UPDATE that causes a flow-control window to exceed this maximum, it MUST terminate either the stream or the connection, as appropriate. For streams, the sender sends a RST_STREAM with an error code of FLOW_CONTROL_ERROR; for the connection, a GOAWAY frame with an error code of FLOW_CONTROL_ERROR is sent.

kazu-yamamoto commented 5 months ago

@MangoIV Did you find the answer by yourself? If so, please close this issue.

kazu-yamamoto commented 5 months ago

May bad. Never mind. This is already closed.

kazu-yamamoto / http2

size check on `WINDOW_UPDATE` frame #118