From: Willy Tarreau <w@1wt.eu>
Date: Thu, 24 Jan 2019 08:36:53 +0000 (+0100)
Subject: BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY
X-Git-Tag: v2.0-dev1~169
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=113c7a2794a86e658faf80b000a5d849f30e299e;p=thirdparty%2Fhaproxy.git

BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY

Since we now support CONTINUATION frames, we must take care of properly
aborting the connection when they are sent on a closed stream. By default
we'd get a stream error which is not sufficient since the compression
context is modified and unrecoverable.

More info in this discussion :

   https://mailarchive.ietf.org/arch/msg/httpbisa/azZ1jiOkvM3xrpH4jX-Q72KoH00

This needs to be backported to 1.9 and possibly to 1.8 (less important there).
---

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 4e128d0388..0a8238dd8c 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2270,7 +2270,7 @@ static void h2_process_demux(struct h2c *h2c)
 		 * Some frames have to be silently ignored as well.
 		 */
 		if (h2s->st == H2_SS_CLOSED && h2c->dsi) {
-			if (h2c->dft == H2_FT_HEADERS || h2c->dft == H2_FT_PUSH_PROMISE) {
+			if (h2_ft_bit(h2c->dft) & H2_FT_HDR_MASK) {
 				/* #5.1.1: The identifier of a newly
 				 * established stream MUST be numerically
 				 * greater than all streams that the initiating