From: Willy Tarreau <w@1wt.eu>
Date: Thu, 24 Jan 2019 08:43:32 +0000 (+0100)
Subject: BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error
X-Git-Tag: v2.0-dev1~168
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5b4eae33dee01224f0ece9db0891ca7a1fb2805d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error

There are incompatible MUST statements in the HTTP/2 specification. Some
require a stream error and others a connection error for the same situation.
As discussed in the thread below, let's always apply the connection error
when relevant (headers-like frame in half-closed(remote)) :

  https://mailarchive.ietf.org/arch/msg/httpbisa/pOIWRBRBdQrw5TDHODZXp8iblcE

This must be backported to 1.9, possibly to 1.8 as well.
---

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 0a8238dd8c..6ec53e88f7 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2252,9 +2252,14 @@ static void h2_process_demux(struct h2c *h2c)
 		if (h2s->st == H2_SS_HREM && h2c->dft != H2_FT_WINDOW_UPDATE &&
 		    h2c->dft != H2_FT_RST_STREAM && h2c->dft != H2_FT_PRIORITY) {
 			/* RFC7540#5.1: any frame other than WU/PRIO/RST in
-			 * this state MUST be treated as a stream error
+			 * this state MUST be treated as a stream error.
+			 * 6.2, 6.6 and 6.10 further mandate that HEADERS/
+			 * PUSH_PROMISE/CONTINUATION cause connection errors.
 			 */
-			h2s_error(h2s, H2_ERR_STREAM_CLOSED);
+			if (h2_ft_bit(h2c->dft) & H2_FT_HDR_MASK)
+				h2c_error(h2c, H2_ERR_PROTOCOL_ERROR);
+			else
+				h2s_error(h2s, H2_ERR_STREAM_CLOSED);
 			goto strm_err;
 		}