From: Christopher Faulet Date: Wed, 13 Dec 2023 14:36:52 +0000 (+0100) Subject: BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty X-Git-Tag: v3.0-dev1~95 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=682f73b4fa6d76aa0b5b743fe92777822884772d;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty During HEADERS frames decoding, if a frame is too large to fit in a buffer, an internal error is reported and a RST_STREAM is emitted. On the other hand, we wait to have an empty rxbuf to decode the frame because we cannot retry a failed HPACK decompression. When we are decoding headers, it is valid to return an error if dbuf buffer is full because no data can be blocked in the rxbuf (which hosts the HTX message). However, during the trailers decoding, it is possible to have some data not sent yet for the current stream in the rxbug and data for another stream fully filling the dbuf buffer. In this case, we don't decode the trailers but we must not return an error. We must wait to empty the rxbuf first. Now, a HEADERS frame is considered as too large if the dbuf buffer is full and if the rxbuf is empty (the HTX message to be accurate). This patch should fix the issue #2382. It must be backported to all stable versions. --- diff --git a/src/mux_h2.c b/src/mux_h2.c index ad7c59f998..ff2d115f73 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -5212,7 +5212,7 @@ next_frame: b_sub(&h2c->dbuf, hole); } - if (b_full(&h2c->dbuf) && h2c->dfl) { + if (b_full(&h2c->dbuf) && h2c->dfl && (!htx || htx_is_empty(htx))) { /* too large frames */ h2c_error(h2c, H2_ERR_INTERNAL_ERROR); ret = -1;