From: Willy Tarreau <w@1wt.eu>
Date: Sun, 3 Dec 2017 18:24:50 +0000 (+0100)
Subject: BUG/MINOR: h2: reject incorrect stream dependencies on HEADERS frame
X-Git-Tag: v1.9-dev1~616
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18b86cd074f8bfd67fa077b5e22b6b7528f72c8f;p=thirdparty%2Fhaproxy.git

BUG/MINOR: h2: reject incorrect stream dependencies on HEADERS frame

We currently don't use stream dependencies, but as reported by h2spec,
the spec requires that we reject streams that depend on themselves in
HEADERS frames.

To backport to 1.8.
---

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 771a3e6022..a7e0c44e51 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2465,6 +2465,12 @@ static int h2_frt_decode_headers(struct h2s *h2s, struct buffer *buf, int count)
 
 	/* Skip StreamDep and weight for now (we don't support PRIORITY) */
 	if (h2c->dff & H2_F_HEADERS_PRIORITY) {
+		if (read_n32(hdrs) == h2s->id) {
+			/* RFC7540#5.3.1 : stream dep may not depend on itself */
+			h2c_error(h2c, H2_ERR_PROTOCOL_ERROR);
+			return 0;//goto fail_stream;
+		}
+
 		hdrs += 5; // stream dep = 4, weight = 1
 		flen -= 5;
 	}