BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames

When header are splitted over several frames, payload of HEADERS and
CONTINUATION frames are merged to form a unique HEADERS frame before
decoding the payload. To do so, info about the current frame are updated
(dff, dfl..) with info of the next one. Here there is a bug when the frame
length (dfl) is update. We must add the next frame length (hdr.dfl) and not
only the amount of data found in the buffer (clen). Because HEADERS frames
are decoded in one pass, dfl value is the whole frame length or 0. nothing
intermediary.

This patch must be backported as far as 2.0.

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 695eb160d42ec883d9ff1a0346048773673ec072..35767b1853795f321333ccf996f2157f15add01f 100644 (file)
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -4642,7 +4642,7 @@ next_frame:
                 * above). The hole moves after the new aggragated frame.
                 */
                b_move(&h2c->dbuf, b_peek_ofs(&h2c->dbuf, h2c->dfl + hole + 9), clen, -(h2c->dpl + hole + 9));
-               h2c->dfl += clen - h2c->dpl;
+               h2c->dfl += hdr.len - h2c->dpl;
                hole     += h2c->dpl + 9;
                h2c->dpl  = 0;
                TRACE_STATE("waiting for next continuation frame", H2_EV_RX_FRAME|H2_EV_RX_FHDR|H2_EV_RX_CONT|H2_EV_RX_HDR, h2c->conn);