git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Christopher Faulet <cfaulet@haproxy.com>
	Fri, 6 Sep 2024 07:16:16 +0000 (09:16 +0200)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Fri, 6 Sep 2024 07:16:18 +0000 (09:16 +0200)
commit	001fb1a5488b5059ca4c26a82dd4f00e9850f1b4
tree	d3e8426876cca153a0f1c1e168eafdb88e547307	tree \| snapshot
parent	ad1ef94612fb6cba5b68f7d19c4646491b6da4af	commit \| diff

BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only

Since 1d2d77b27 ("MEDIUM: mux-h1: Return a 501-not-implemented for upgrade
requests with a body"), it is no longer possible to perform a protocol
upgrade for requests with a payload. The main reason was to be able to
support protocol upgrade for H1 client requesting a H2 server. In that case,
the upgrade request is converted to a CONNECT request. So, it is not
possible to convey a payload in that case.

But, it is a problem for anyone wanting to perform upgrades on H1 server
using requests with a payload. It is uncommon but valid. So, now, it is the
H2 multiplexer responsibility to reject upgrade requests, on server side, if
there is a payload. An INTERNAL_ERROR is returned for the H2S in that
case. On H1 side, the upgrade is now allowed, but only if the server waits
for the end of the request to return the 101-Switching-protocol
response. Indeed, it is quite hard to synchronise the frontend side and the
backend side in that case. Asking to servers to fully consume the request
payload before returned the response seems reasonable.

This patch should fix the issue #2684. It could be backported after a period
of observation, as far as 2.4 if possible. But only if it is not too
hard. It depends on "MINOR: mux-h1: Set EOI on SE during demux when both
side are in DONE state".

src/h1_htx.c		diff \| blob \| blame \| history
src/mux_h1.c		diff \| blob \| blame \| history
src/mux_h2.c		diff \| blob \| blame \| history