Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: hyperium/h2
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.3.16
Choose a base ref
...
head repository: hyperium/h2
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.3.17
Choose a head ref
  • 7 commits
  • 16 files changed
  • 3 contributors

Commits on Feb 28, 2023

  1. chore: set rust-version in Cargo.toml (#664)

    @atouchet
    atouchet authored Feb 28, 2023
    Configuration menu
    Copy the full SHA
    45b9bcc View commit details
    Browse the repository at this point in the history

Commits on Apr 12, 2023

  1. chore: Replace unmaintained/outdated GitHub Actions

    @nickelc @seanmonstar
    nickelc authored and seanmonstar committed Apr 12, 2023
    Configuration menu
    Copy the full SHA
    d3d50ef View commit details
    Browse the repository at this point in the history

  2. chore: Use Cargo metadata for the MSRV build job

    @nickelc @seanmonstar
    nickelc authored and seanmonstar committed Apr 12, 2023
    Configuration menu
    Copy the full SHA
    481c31d View commit details
    Browse the repository at this point in the history

Commits on Apr 13, 2023

  1. feat: add Error::is_library method

    @seanmonstar
    seanmonstar committed Apr 13, 2023
    Configuration menu
    Copy the full SHA
    8088ca6 View commit details
    Browse the repository at this point in the history

  2. fix: limit the amount of pending-accept reset streams 

    Streams that have been received by the peer, but not accepted by the
user, can also receive a RST_STREAM. This is a legitimate pattern: one
could send a request and then shortly after, realize it is not needed,
sending a CANCEL.

However, since those streams are now "closed", they don't count towards
the max concurrent streams. So, they will sit in the accept queue, using
memory.

In most cases, the user is calling `accept` in a loop, and they can
accept requests that have been reset fast enough that this isn't an
issue in practice.

But if the peer is able to flood the network faster than the server
accept loop can run (simply accepting, not processing requests; that
tends to happen in a separate task), the memory could grow.

So, this introduces a maximum count for streams in the pending-accept
but remotely-reset state. If the maximum is reached, a GOAWAY frame with
the error code of ENHANCE_YOUR_CALM is sent, and the connection marks
itself as errored.

ref CVE-2023-26964
ref GHSA-f8vr-r385-rh5r

Closes hyperium/hyper#2877
    @seanmonstar
    seanmonstar committed Apr 13, 2023
    Configuration menu
    Copy the full SHA
    5bc8e72 View commit details
    Browse the repository at this point in the history

  3. feat: add max_pending_accept_reset_streams(n) options 

    The new option is available to both client and server `Builder`s.
    @seanmonstar
    seanmonstar committed Apr 13, 2023
    Configuration menu
    Copy the full SHA
    d3f37e9 View commit details
    Browse the repository at this point in the history

  4. v0.3.17

    @seanmonstar
    seanmonstar committed Apr 13, 2023
    Configuration menu
    Copy the full SHA
    af4bcac View commit details
    Browse the repository at this point in the history
Loading