From: Willy Tarreau <w@1wt.eu>
Date: Fri, 29 Dec 2017 10:34:40 +0000 (+0100)
Subject: BUG/MEDIUM: h2: ensure we always know the stream before sending a reset
X-Git-Tag: v1.9-dev1~541
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d790143d990859f4d5af2c5a9e9e0aac94baa69e;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: h2: ensure we always know the stream before sending a reset

The recent patch introducing the H2_CS_FRAME_E state to emit stream
resets was not totally correct in that in the rare case where there is
no room left to emit the reset, the next call to process it later could
use an uninitialized stream. This only affects responses to frames that
are sent on closed streams though.

This fix must be backported to 1.8.
---

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 16c3ba1beb..71660f8e8a 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -1808,12 +1808,12 @@ static void h2_process_demux(struct h2c *h2c)
 			h2_skip_frame_hdr(h2c->dbuf);
 		}
 
-		if (h2c->st0 == H2_CS_FRAME_E)
-			goto strm_err;
-
 		/* Only H2_CS_FRAME_P and H2_CS_FRAME_A here */
 		h2s = h2c_st_by_id(h2c, h2c->dsi);
 
+		if (h2c->st0 == H2_CS_FRAME_E)
+			goto strm_err;
+
 		if (h2s->st == H2_SS_IDLE &&
 		    h2c->dft != H2_FT_HEADERS && h2c->dft != H2_FT_PRIORITY) {
 			/* RFC7540#5.1: any frame other than HEADERS or PRIORITY in