From: Amaury Denoyelle Date: Thu, 1 Aug 2024 13:52:56 +0000 (+0200) Subject: BUG/MINOR: h2: reject extended connect for h2c protocol X-Git-Tag: v3.1-dev5~53 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7a5a30d28a3ee100c62603f7212cc1b313c53311;p=thirdparty%2Fhaproxy.git BUG/MINOR: h2: reject extended connect for h2c protocol This commit prevents forwarding of an HTTP/2 Extended CONNECT when "h2c" or "h2" token is set as targetted protocol. Contrary to the previous commit which deals with HTTP/1 mux, this time the request is rejected and a RESET_STREAM is reported to the client. This must be backported up to 2.4 after a period of observation. --- diff --git a/reg-tests/http-messaging/protocol_upgrade.vtc b/reg-tests/http-messaging/protocol_upgrade.vtc index be291f18c5..209d404fa0 100644 --- a/reg-tests/http-messaging/protocol_upgrade.vtc +++ b/reg-tests/http-messaging/protocol_upgrade.vtc @@ -252,4 +252,28 @@ client c7_h2c -connect ${hap_frt_h1_h2c_sock} { rxresp expect resp.status == 200 +} + +# extended connect with invalid "h2c" protocol +client c8_h2c -connect ${hap_frt_h2_h1_sock} { + txpri + stream 0 { + txsettings + rxsettings + txsettings -ack + rxsettings + expect settings.ack == true + } -run + + stream 1 { + txreq \ + -req "CONNECT" \ + -scheme "http" \ + -url "/" \ + -hdr ":authority" "127.0.0.1" \ + -hdr ":protocol" "h2c" + + rxrst + expect rst.err == 1 + } -run } -run diff --git a/src/h2.c b/src/h2.c index 9c60cc6b30..c2b41a8485 100644 --- a/src/h2.c +++ b/src/h2.c @@ -460,6 +460,12 @@ int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *ms } if (*msgf & H2_MSGF_EXT_CONNECT) { + /* Consider "h2c" / "h2" as invalid protocol value for Extended CONNECT. */ + if (isteqi(phdr_val[H2_PHDR_IDX_PROT], ist("h2c")) || + isteqi(phdr_val[H2_PHDR_IDX_PROT], ist("h2"))) { + goto fail; + } + if (!htx_add_header(htx, ist("upgrade"), phdr_val[H2_PHDR_IDX_PROT])) goto fail; if (!htx_add_header(htx, ist("connection"), ist("upgrade")))
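Review bot: the new c8_h2c client in protocol_upgrade.vtc only exercises `-hdr ":protocol" "h2c"`, while the src/h2.c change rejects both "h2c" and "h2", and does so case-insensitively via isteqi; add a second stream (or a c9 client) that sends `-hdr ":protocol" "h2"` and ideally an upper-case variant such as "H2C", so every branch of the new condition is covered by the regtest. The comment `# extended connect with invalid "h2c" protocol` would also read better if it stated the expected outcome, namely an RST_STREAM with error code 1 (PROTOCOL_ERROR), which is what `expect rst.err == 1` asserts.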
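Review bot: the comment added in h2_make_htx_request says which :protocol values are rejected but not why, and the rejection ends in a bare `goto fail` shared with the header-addition failures below it, so a reader of the function cannot distinguish "client asked for an h2/h2c tunnel" from "could not build the HTX message". Suggest expanding the comment to carry the rationale from the commit message (an Extended CONNECT naming HTTP/2 itself as the target protocol must not be forwarded, and the client gets a RST_STREAM instead), and consider a distinct trace or counter on this path so such rejections are visible when debugging. Worth documenting too that the check is an exact case-insensitive token compare (`isteqi(phdr_val[H2_PHDR_IDX_PROT], ist("h2c"))` / `ist("h2")`): a :protocol value that is not exactly one of those two tokens falls through to the existing `upgrade` / `connection: upgrade` header path unchanged.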