git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Wed, 26 Feb 2020 12:51:38 +0000 (13:51 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Wed, 26 Feb 2020 12:56:24 +0000 (13:56 +0100)
commit	fd2658c0c6a275b497c92de2fc8513e458d0f169
tree	6aade70c3ba63cc543c8794ce84260d783fc223c	tree
parent	cf8cf6c5cdbed9e3e75fb9f46c879f4aa86689d7	commit \| diff

BUG/MINOR: h2: reject again empty :path pseudo-headers

Since commit 92919f7fd5 ("MEDIUM: h2: make the request parser rebuild
a complete URI") we make sure to rebuild a complete URI. Unfortunately
the test for an empty :path pseudo-header that is mandated by #8.1.2.3
appened to be performed on the URI before this patch, which is never
empty anymore after being rebuilt, causing h2spec to complain :

  8. HTTP Message Exchanges
    8.1. HTTP Request/Response Exchange
      8.1.2. HTTP Header Fields
        8.1.2.3. Request Pseudo-Header Fields
          - 1: Sends a HEADERS frame with empty ":path" pseudo-header field
            -> The endpoint MUST respond with a stream error of type PROTOCOL_ERROR.
               Expected: GOAWAY Frame (Error Code: PROTOCOL_ERROR)
                         RST_STREAM Frame (Error Code: PROTOCOL_ERROR)
                         Connection closed
                 Actual: DATA Frame (length:0, flags:0x01, stream_id:1)

It's worth noting that this error doesn't trigger when calling h2spec
with a timeout as some scripts do, which explains why it wasn't detected
after the patch above.

This fixes one half of issue #471 and should be backported to 2.1.