deps: update to nghttp2 1.32.0

This fixes CVE-2018-1000168.

PR-URL: https://github.com/nodejs-private/node-private/pull/124
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>

Author: jasnell

deps/nghttp2/lib/CMakeLists.txt

@@ -49,7 +49,7 @@ target_include_directories(nghttp2 INTERFACE
     "${CMAKE_CURRENT_SOURCE_DIR}/includes"
     )
 
-if(HAVE_CUNIT)
+if(HAVE_CUNIT OR ENABLE_STATIC_LIB)
   # Static library (for unittests because of symbol visibility)
   add_library(nghttp2_static STATIC ${NGHTTP2_SOURCES})
   set_target_properties(nghttp2_static PROPERTIES
@@ -58,6 +58,10 @@ if(HAVE_CUNIT)
     ARCHIVE_OUTPUT_NAME nghttp2
   )
   target_compile_definitions(nghttp2_static PUBLIC "-DNGHTTP2_STATICLIB")
+  if(ENABLE_STATIC_LIB)
+    install(TARGETS nghttp2_static
+      DESTINATION "${CMAKE_INSTALL_LIBDIR}")
+  endif()
 endif()
 
 install(TARGETS nghttp2

deps/nghttp2/lib/includes/nghttp2/nghttp2.h

@@ -3081,6 +3081,16 @@ NGHTTP2_EXTERN int
 nghttp2_session_set_stream_user_data(nghttp2_session *session,
                                      int32_t stream_id, void *stream_user_data);
 
+/**
+ * @function
+ *
+ * Sets |user_data| to |session|, overwriting the existing user data
+ * specified in `nghttp2_session_client_new()`, or
+ * `nghttp2_session_server_new()`.
+ */
+NGHTTP2_EXTERN void nghttp2_session_set_user_data(nghttp2_session *session,
+                                                  void *user_data);
+
 /**
  * @function
  *

deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h

@@ -29,14 +29,14 @@
  * @macro
  * Version number of the nghttp2 library release
  */
-#define NGHTTP2_VERSION "1.29.0"
+#define NGHTTP2_VERSION "1.32.0"
 
 /**
  * @macro
  * Numerical representation of the version number of the nghttp2 library
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define NGHTTP2_VERSION_NUM 0x011d00
+#define NGHTTP2_VERSION_NUM 0x012000
 
 #endif /* NGHTTP2VER_H */

deps/nghttp2/lib/nghttp2_frame.c

@@ -215,6 +215,9 @@ void nghttp2_frame_altsvc_free(nghttp2_extension *frame, nghttp2_mem *mem) {
   nghttp2_ext_altsvc *altsvc;
 
   altsvc = frame->payload;
+  if (altsvc == NULL) {
+    return;
+  }
   /* We use the same buffer for altsvc->origin and
      altsvc->field_value. */
   nghttp2_mem_free(mem, altsvc->origin);

deps/nghttp2/lib/nghttp2_http.c

@@ -244,7 +244,7 @@ static int http_response_on_header(nghttp2_stream *stream, nghttp2_hd_nv *nv,
       return NGHTTP2_ERR_HTTP_HEADER;
     }
     stream->status_code = (int16_t)parse_uint(nv->value->base, nv->value->len);
-    if (stream->status_code == -1) {
+    if (stream->status_code == -1 || stream->status_code == 101) {
       return NGHTTP2_ERR_HTTP_HEADER;
     }
     break;