BUG/MINOR: h2: reject incorrect stream dependencies on HEADERS frame

We currently don't use stream dependencies, but as reported by h2spec,
the spec requires that we reject streams that depend on themselves in
HEADERS frames.

To backport to 1.8.

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 771a3e6022f4061756a87ae5b90f392b5ed0ec6b..a7e0c44e516aff88bea4032566b24c681bf2f5b4 100644 (file)
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2465,6 +2465,12 @@ static int h2_frt_decode_headers(struct h2s *h2s, struct buffer *buf, int count)
 
        /* Skip StreamDep and weight for now (we don't support PRIORITY) */
        if (h2c->dff & H2_F_HEADERS_PRIORITY) {
+               if (read_n32(hdrs) == h2s->id) {
+                       /* RFC7540#5.3.1 : stream dep may not depend on itself */
+                       h2c_error(h2c, H2_ERR_PROTOCOL_ERROR);
+                       return 0;//goto fail_stream;
+               }
+
                hdrs += 5; // stream dep = 4, weight = 1
                flen -= 5;
        }