HTTP2 body decompression fails on DATA with a single padded frame
Summary
HTTP/2 body decompression fails on single padded DATA frames. The HTTP/2 dissector hands the full tvb to fragment_add_seq_next() along with the length. As it is a one-and-only "fragment", the reassembly functions do not create a reassembly, but only refer to the original tvb. The reassembly process_reassembled_data() functions (both the one in epan and the local one in HTTP2 that uses HTTP/2 specific data) pass back the original tvb but only adjust for the given offset, and do not truncate it to the given data length. dissect_http2_data_full_body() hands the reported length of the tvb (still including the padding) to the decompression functions if possible. The decompression functions fail, not expecting the zero padding on the end.
Uncompressed frames also have the padding erroneously added to the data, but this is less harmful.
Steps to reproduce
Dissect a file with padded, compressed HTTP/2 DATA small enough to fit in a single frame, such as the sample file.
What is the current bug behavior?
Frames 19, 29, and 30 report that (Brotli) body decompression fails.
What is the expected correct behavior?
Decompression should succeed.
Sample capture file
Build information
Version 4.5.0 (v4.5.0rc0-730-g462f059c6673).
Compiled (64-bit) using GCC 14.2.1 20240912 (Red Hat 14.2.1-3), with GLib
2.80.3, with Qt 6.8.0, with libpcap, with POSIX capabilities (Linux), with libnl
3, with zlib 1.3.1.zlib-ng, with zlib-ng 2.1.7, with PCRE2, with Lua 5.4.6, with
GnuTLS 3.8.6 and PKCS #11 support, with Gcrypt 1.10.3-unknown, with Kerberos
(MIT), with MaxMind, with nghttp2 1.59.0, with nghttp3 0.15.90, with brotli,
with LZ4, with Zstandard, with Snappy, with libxml2 2.12.8, with libsmi 0.5.0,
with Minizip 3.0.10, with QtMultimedia, with QtDBus, without automatic updates,
with binary plugins.
Running on Linux 6.10.12-200.fc40.x86_64, with AMD Ryzen 5 5600X 6-Core
Processor (with SSE4.2), with 31997 MB of physical memory, with GLib 2.80.3,
with Qt 6.8.0, with libpcap 1.11.0-PRE-GIT (with TPACKET_V3), with zlib
1.3.1.zlib-ng, with PCRE2 10.44 2024-06-07, with c-ares 1.28.1, with GnuTLS
3.8.6, with Gcrypt 1.10.3-unknown, with nghttp2 1.59.0, with nghttp3 0.15.90,
with brotli 1.1.0, with LZ4 1.9.4, with Zstandard 1.5.6, with libsmi 0.5.0, with
light display mode, without HiDPI, with Wayland, with QPA plugin "wayland", with
LC_TYPE=en_US.UTF-8, binary plugins supported.
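The length rule behind the summary above, as an added example (not Wireshark code and not part of the report): per the HTTP/2 framing rules, a padded DATA frame carries a Pad Length octet, then the body, then the padding, so the body handed to a decompressor must exclude both. The helper name `data_frame_body` and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FRAME_HDR_LEN 9     /* 24-bit length, type, flags, 32-bit stream id */
#define TYPE_DATA     0x00
#define FLAG_PADDED   0x08

/* Constructed sample: DATA, flags PADDED|END_STREAM, stream 1,
 * Pad Length 3, body "hello", three zero padding octets. */
static const uint8_t sample_padded[] = {
    0x00, 0x00, 0x09, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01,
    0x03, 'h', 'e', 'l', 'l', 'o', 0x00, 0x00, 0x00
};

/* Hypothetical helper: find the body bytes of one DATA frame.
 * Returns 0 on success, -1 if the frame is truncated, not DATA,
 * or declares more padding than its payload can hold. */
static int data_frame_body(const uint8_t *buf, size_t buflen,
                           size_t *body_off, size_t *body_len)
{
    if (buflen < FRAME_HDR_LEN || buf[3] != TYPE_DATA)
        return -1;
    size_t payload = ((size_t)buf[0] << 16) | ((size_t)buf[1] << 8) | buf[2];
    if (payload > buflen - FRAME_HDR_LEN)
        return -1;
    size_t off = FRAME_HDR_LEN, pad = 0;
    if (buf[4] & FLAG_PADDED) {
        if (payload == 0)
            return -1;            /* no room for the Pad Length octet */
        pad = buf[off++];
        payload--;
        if (pad > payload)
            return -1;            /* padding longer than the remaining payload */
    }
    *body_off = off;
    *body_len = payload - pad;    /* length the decompressor must be given */
    return 0;
}

int main(void)
{
    size_t off, len;
    if (data_frame_body(sample_padded, sizeof sample_padded, &off, &len) != 0)
        return 1;
    printf("body at offset %zu, %zu octets (payload had %zu)\n",
           off, len, sizeof sample_padded - FRAME_HDR_LEN);
    return 0;
}
```

A consumer that adjusts only the offset and keeps the full payload length would pass the three trailing zero octets of the sample frame to the decompressor, which is the failure the report describes.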