From c26e16e1d48ff98297fdd5c24bc30f15455de54d Mon Sep 17 00:00:00 2001
From: Lena Biliaieva <lena.biliaieva@qt.io>
Date: Mon, 1 Jul 2024 14:57:41 +0200
Subject: [PATCH] QHttp2Connection: Return connection error if CONTINUATION
 isn't expected
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

According to RFC 9113: A CONTINUATION frame MUST be preceded by
a HEADERS, PUSH_PROMISE or CONTINUATION frame without the END_HEADERS
flag set. A recipient that observes violation of this rule MUST respond
with a connection error of type PROTOCOL_ERROR.

Task-number: QTBUG-122458
Change-Id: I1a052b1f4fc80aa73fad4fc18e3c063fb738ae4e
Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 10b7b7fcf06d4ed5492e946ac93eb232c168e686)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/network/access/qhttp2connection.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/network/access/qhttp2connection.cpp b/src/network/access/qhttp2connection.cpp
index 891b5bb99ed..258aeb43623 100644
--- a/src/network/access/qhttp2connection.cpp
+++ b/src/network/access/qhttp2connection.cpp
@@ -1556,6 +1556,9 @@ void QHttp2Connection::handleCONTINUATION()
     if (continuedFrames.empty())
         return connectionError(PROTOCOL_ERROR,
                                "CONTINUATION without a preceding HEADERS or PUSH_PROMISE");
+    if (!continuationExpected)
+        return connectionError(PROTOCOL_ERROR,
+                               "CONTINUATION after a frame with the END_HEADERS flag set");
 
     if (inboundFrame.streamID() != continuedFrames.front().streamID())
         return connectionError(PROTOCOL_ERROR, "CONTINUATION on invalid stream");