BUG/MINOR: mux-h2: Don't encroach on the reserve when decoding headers

Since the input buffer is transferred to the stream when it is created,
there is no longer control on the request size to be sure the buffer's
reserve is still respected. It was automatically performed in h2_rcv_buf()
because the caller took care to provide the correct available space in the
buffer. The control is still there but it is no longer applied on the
request headers. Now, we should take care of the reserve when the headers
are decoded, before the stream creation.

The test is performed for the request and the response.

It is a 2.4-specific bug. No backport is needed.

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 950dc9e73a3f231b9eaed423d5f0d3e4210b8cd3..f1749f8d13a68a4993833a856a0dbfbf792473e5 100644 (file)
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -4736,9 +4736,10 @@ next_frame:
        else
                outlen = h2_make_htx_request(list, htx, &msgf, body_len);
 
-       if (outlen < 0) {
+       if (outlen < 0 || htx_free_space(htx) < global.tune.maxrewrite) {
                /* too large headers? this is a stream error only */
-               TRACE_STATE("request headers too large", H2_EV_RX_FRAME|H2_EV_RX_HDR|H2_EV_H2S_ERR|H2_EV_PROTO_ERR, h2c->conn);
+               TRACE_STATE("message headers too large", H2_EV_RX_FRAME|H2_EV_RX_HDR|H2_EV_H2S_ERR|H2_EV_PROTO_ERR, h2c->conn);
+               htx->flags |= HTX_FL_PARSING_ERROR;
                goto fail;
        }