tatsuhiro-t / spdylay

The experimental SPDY protocol version 2, 3 and 3.1 implementation in C
http://tatsuhiro-t.github.io/spdylay/
MIT License

spdylay_session: Associated Stream ID can be 0 for Draft 3, 3.1 #110

Closed JamieMeyers closed 10 years ago

JamieMeyers commented 10 years ago

spdylay_session_validate_syn_stream will return invalid stream if the session is for a client, and the associated stream id is 0.

This is valid for draft 2, as it states "When a client receives a SYN_STREAM from the server with an Associated-To-Stream-ID of 0, it must reply with a RST_STREAM with error code INVALID_STREAM." However, for draft 3 and 3.1, the above sentence has been removed; all that is stated in the section is "When a SYN_STREAM and HEADERS frame which contains an Associated-To-Stream-ID is received, the client must not issue GET requests for the resource in the pushed stream, and instead wait for the pushed stream to arrive." There is no specific behavior defined when an Associated-To-Stream-ID of 0 is received.

Seems like spdylay_session_validate_syn_stream should check if the version is 2 before returning invalid stream for client sessions. Thoughts?

tatsuhiro-t commented 10 years ago

The SPDY spec clearly says that the Associated-To-Stream-ID of a pushed stream must be an existing, open stream, and specifying 0 is disallowed for push.

From http://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3-1 section 3.3.1: """ The Associated-To-Stream-ID must be the ID of an existing, open stream. The reason for this restriction is to have a clear endpoint for pushed content. If the user-agent requested a resource on stream 11, the server replies on stream 11. It can push any number of additional streams to the client before sending a FLAG_FIN on stream 11. However, once the originating stream is closed no further push streams may be associated with it. The pushed streams do not need to be closed (FIN set) before the originating stream is closed, they only need to be created before the originating stream closes.

It is illegal for a server to push a resource with the Associated-To-Stream-ID of 0. """

JamieMeyers commented 10 years ago

Ah, I misread that section, closing.
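
The section 3.3.1 rule quoted in this thread, written out as a client-side check on a server-initiated SYN_STREAM. This is an added example, not code from spdylay or from either commenter; every type and function name in it is hypothetical, and the session table is constructed. It reports "existing" and "open" as separate verdicts and leaves the choice of reply to the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not spdylay's data model. */
enum stream_state { STREAM_OPEN, STREAM_CLOSED };
struct stream { int32_t id; enum stream_state state; };

enum push_verdict {
  PUSH_OK = 0,
  PUSH_ASSOC_ZERO,    /* Associated-To-Stream-ID of 0: illegal for push */
  PUSH_ASSOC_UNKNOWN, /* no stream with that ID in this session */
  PUSH_ASSOC_CLOSED   /* originating stream has already closed */
};

/* Client-side check of the Associated-To-Stream-ID carried by a
 * server-initiated SYN_STREAM (the section 3.3.1 rule quoted in the thread). */
enum push_verdict check_push_assoc(const struct stream *tbl, size_t n,
                                   int32_t assoc_id) {
  if (assoc_id == 0) return PUSH_ASSOC_ZERO;
  for (size_t i = 0; i < n; i++) {
    if (tbl[i].id != assoc_id) continue;
    return tbl[i].state == STREAM_OPEN ? PUSH_OK : PUSH_ASSOC_CLOSED;
  }
  return PUSH_ASSOC_UNKNOWN;
}

/* Constructed session: the client requested a resource on stream 11.
 * If origin_closed is non-zero, stream 11 closed before the push arrived. */
enum push_verdict demo_push(int32_t assoc_id, int origin_closed) {
  struct stream tbl[] = { { 11, STREAM_OPEN } };
  if (origin_closed) tbl[0].state = STREAM_CLOSED;
  return check_push_assoc(tbl, sizeof tbl / sizeof tbl[0], assoc_id);
}

int main(void) {
  printf("assoc=11 open   -> %d\n", demo_push(11, 0));
  printf("assoc=0         -> %d\n", demo_push(0, 0));
  printf("assoc=13        -> %d\n", demo_push(13, 0));
  printf("assoc=11 closed -> %d\n", demo_push(11, 1));
  return 0;
}
```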