From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 26 May 2025 09:28:04 +0000 (+0200)
Subject: BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request
X-Git-Tag: v3.2.0~19
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=da9792cca85366e3da4d716c0eb4a6a8bb9c1e62;p=thirdparty%2Fhaproxy.git

BUG/MINOR: h3: Set HTX flags corresponding to the scheme found in the request

When a ":scheme" pseudo-header is found in a h3 request, the
HTX_SL_F_HAS_SCHM flag must be set on the HTX message. And if the scheme is
'http' or 'https', the corresponding HTX flag must also be set. So,
respectively, HTX_SL_F_SCHM_HTTP or HTX_SL_F_SCHM_HTTPS.

It is mainly used to send the right ":scheme" pseudo-header value to H2
server on backend side.

This patch could be backported as far as 2.6.
---

diff --git a/src/h3.c b/src/h3.c
index 81ab90c69..ac2a116dd 100644
--- a/src/h3.c
+++ b/src/h3.c
@@ -679,7 +679,12 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
 				goto out;
 			}
 
-			if (!http_validate_scheme(list[hdr_idx].v)) {
+			flags |= HTX_SL_F_HAS_SCHM;
+			if (isteqi(list[hdr_idx].v, ist("http")))
+				flags |= HTX_SL_F_SCHM_HTTP;
+			else if (isteqi(list[hdr_idx].v, ist("https")))
+				flags |= HTX_SL_F_SCHM_HTTPS;
+			else if (!http_validate_scheme(list[hdr_idx].v)) {
 				TRACE_ERROR("invalid scheme pseudo-header", H3_EV_RX_FRAME|H3_EV_RX_HDR, qcs->qcc->conn, qcs);
 				h3s->err = H3_ERR_MESSAGE_ERROR;
 				qcc_report_glitch(h3c->qcc, 1);