BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX message

When H2 or H3 trailers are inserted in an HTX message, we must take care to
not exceed the maximum number of trailers allowed in a message (same than
the maximum number of headers, i.e tune.http.maxhdr). However, all HTX
blocks in the HTX message were considered. Only TRAILERS HTX blocks must be
considered.

To fix the issue, in h2_make_htx_trailers(), we rely on the "idx" variable
at the end of the for loop. In h3_trailers_to_htx(), we rely on the
"hdr_idx" variable.

This patch must be backported to all stables versions for the H2 part and as
far as 2.8 for the H3 one.

pouet

diff --git a/src/h2.c b/src/h2.c
index 9cc006ea938a6bc92220a03b772cab4e953b736d..64c23d4745bbf15915102642802c460294124a00 100644 (file)
--- a/src/h2.c
+++ b/src/h2.c
@@ -861,8 +861,8 @@ int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
                        goto fail;
        }
 
-       /* Check the number of blocks against "tune.http.maxhdr" value before adding EOT block */
-       if (htx_nbblks(htx) > global.tune.max_http_hdr)
+       /* Check the number of trailers against "tune.http.maxhdr" value before adding EOT block */
+       if (idx > global.tune.max_http_hdr)
                goto fail;
 
        if (!htx_add_endof(htx, HTX_BLK_EOT))

diff --git a/src/h3.c b/src/h3.c
index 0b7c53303a3774687d6886714aa147069c893b0f..09634f14c05bb9a7b252c243cc3a32f4a245d555 100644 (file)
--- a/src/h3.c
+++ b/src/h3.c
@@ -1505,7 +1505,7 @@ static ssize_t h3_trailers_to_htx(struct qcs *qcs, const struct buffer *buf,
        }
 
        /* Check the number of blocks against "tune.http.maxhdr" value before adding EOT block */
-       if (htx_nbblks(htx) > global.tune.max_http_hdr) {
+       if (hdr_idx > global.tune.max_http_hdr) {
                len = -1;
                goto out;
        }