bail after too many failed reads

Submitted By: icing



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916771 13f79535-47bb-0310-9956-ffa450edef68

Author: covener

modules/http2/h2_session.c

@@ -319,9 +319,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame,
 
     status = h2_stream_add_header(stream, (const char *)name, namelen,
                                   (const char *)value, valuelen);
-    if (status != APR_SUCCESS
-        && (!stream->rtmp
-            || stream->rtmp->http_status == H2_HTTP_STATUS_UNSET)) {
+    if (status != APR_SUCCESS &&
+        (!stream->rtmp ||
+         stream->rtmp->http_status == H2_HTTP_STATUS_UNSET ||
+         /* We accept a certain amount of failures in order to reply
+          * with an informative HTTP error response like 413. But if the
+          * client is too wrong, we fail the request a RESET of the stream */
+         stream->request_headers_failed > 100)) {
         return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
     }
     return 0;

modules/http2/h2_stream.c

@@ -813,6 +813,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream,
 
 cleanup:
     if (error) {
+        ++stream->request_headers_failed;
         set_error_response(stream, error);
         return APR_EINVAL; 
     }

modules/http2/h2_stream.h

@@ -91,6 +91,7 @@ struct h2_stream {
     struct h2_request *rtmp;    /* request being assembled */
     apr_table_t *trailers_in;   /* optional, incoming trailers */
     int request_headers_added;  /* number of request headers added */
+    int request_headers_failed; /* number of request headers failed to add */
 
 #if AP_HAS_RESPONSE_BUCKETS
     ap_bucket_response *response; /* the final, non-interim response or NULL */