From: Willy Tarreau <w@1wt.eu>
Date: Thu, 2 Nov 2017 14:14:19 +0000 (+0100)
Subject: BUG/MEDIUM: h2: don't try to parse incomplete H1 responses
X-Git-Tag: v1.8-rc2~14
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f13ef96e70fc6365fa7bbc078df2393a70bfb2d2;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: h2: don't try to parse incomplete H1 responses

This situation which must not happen does in fact happen when feeding
artificial responses using errorfiles, Lua or an applet. For now it
causes the H1 response parser to loop forever trying to get a more
complete response. Since it cannot progress, let's return an error.
---

diff --git a/src/mux_h2.c b/src/mux_h2.c
index bc10768842..2fffcdeca6 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2552,10 +2552,10 @@ static int h2s_frt_make_resp_headers(struct h2s *h2s, struct buffer *buf)
 	ret = h1_headers_to_hdr_list(bo_ptr(buf), bo_ptr(buf) + buf->o,
 	                             list, sizeof(list)/sizeof(list[0]), h1m);
 	if (ret <= 0) {
-		if (!ret)
-			goto end; // missing input
-
-		/* Impossible to index the response.
+		/* incomplete or invalid response, this is abnormal coming from
+		 * haproxy and may only result in a bad errorfile or bad Lua code
+		 * so that won't be fixed, raise an error now.
+		 *
 		 * FIXME: we should instead add the ability to only return a
 		 * 502 bad gateway. But in theory this is not supposed to
 		 * happen.