From 69b9dcfadc80f9bfd91e8d68efdd35dbdebddbba Mon Sep 17 00:00:00 2001 From: James M Snell Date: Fri, 10 Aug 2018 15:07:51 -0700 Subject: [PATCH] http2: avoid race condition in OnHeaderCallback Fixes: https://github.com/nodejs/node/issues/21416 --- src/node_http2.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/node_http2.cc b/src/node_http2.cc index 1274bc7f5b8d4d..12b0156f4a2e70 100644 --- a/src/node_http2.cc +++ b/src/node_http2.cc @@ -881,7 +881,12 @@ int Http2Session::OnHeaderCallback(nghttp2_session* handle, Http2Session* session = static_cast(user_data); int32_t id = GetFrameID(frame); Http2Stream* stream = session->FindStream(id); - CHECK_NOT_NULL(stream); + // If stream is null at this point, either something odd has happened + // or the stream was closed locally while header processing was occurring. + // either way, do not proceed and close the stream. + if (stream == nullptr) + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + // If the stream has already been destroyed, ignore. if (!stream->IsDestroyed() && !stream->AddHeader(name, value, flags)) { // This will only happen if the connected peer sends us more