41 lines
1.6 KiB
Diff
41 lines
1.6 KiB
Diff
From 827a6299e6995c5c3ba620d8b7cbacdaef67f2c4 Mon Sep 17 00:00:00 2001
|
|
From: Christopher Faulet <cfaulet@haproxy.com>
|
|
Date: Thu, 22 Dec 2022 09:47:01 +0100
|
|
Subject: [PATCH] BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream
|
|
flag set
|
|
|
|
As state in RFC9113#8.1, HEADERS frame with the ES flag set that carries an
|
|
informational status code is malformed. However, there is no test on this
|
|
condition.
|
|
|
|
On 2.4 and higher, it is hard to predict consequences of this bug because
|
|
end of the message is only reported with a flag. But on 2.2 and lower, it
|
|
leads to a crash because there is an unexpected extra EOM block at the end
|
|
of an interim response.
|
|
|
|
Now, when a ES flag is detected on a HEADERS frame for an interim message, a
|
|
stream error is sent (RST_STREAM/PROTOCOL_ERROR).
|
|
|
|
This patch should solve the issue #1972. It should be backported as far as
|
|
2.0.
|
|
---
|
|
src/mux_h2.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/src/mux_h2.c b/src/mux_h2.c
|
|
index ac7afcd2a6bc..22b1f1e79a65 100644
|
|
--- a/src/mux_h2.c
|
|
+++ b/src/mux_h2.c
|
|
@@ -4782,6 +4782,11 @@ static int h2c_decode_headers(struct h2c *h2c, struct buffer *rxbuf, uint32_t *f
|
|
*flags |= H2_SF_HEADERS_RCVD;
|
|
|
|
if (h2c->dff & H2_F_HEADERS_END_STREAM) {
|
|
+ if (msgf & H2_MSGF_RSP_1XX) {
|
|
+ /* RFC9113#8.1 : HEADERS frame with the ES flag set that carries an informational status code is malformed */
|
|
+ TRACE_STATE("invalid interim response with ES flag!", H2_EV_RX_FRAME|H2_EV_RX_HDR|H2_EV_H2C_ERR|H2_EV_PROTO_ERR, h2c->conn);
|
|
+ goto fail;
|
|
+ }
|
|
/* no more data are expected for this message */
|
|
htx->flags |= HTX_FL_EOM;
|
|
}
|