BUG/MINOR: h3: filter upgrade connection header
authorAmaury Denoyelle <adenoyelle@haproxy.com>
Wed, 16 Apr 2025 09:20:42 +0000 (11:20 +0200)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Wed, 16 Apr 2025 16:31:04 +0000 (18:31 +0200)
As specified in RFC 9114, connection headers require special care in
HTTP/3. When a request is received with connection headers, the stream
is immediately closed. Conversely, when translating the response from
HTX, such headers are not encoded but silently ignored.

However, "upgrade" was not listed in connection headers. This commit
fixes this by adding a check on it both on request parsing and response
encoding.

This must be backported up to 2.6.

src/h3.c

index f1b3ec7c5c488dd9fa715f0136252fbddedbcbe4..3f6f85710d4e16f8fa79c5f1e2571aff4d2d7a91 100644 (file)
--- a/src/h3.c
+++ b/src/h3.c
@@ -839,6 +839,7 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
                else if (isteq(list[hdr_idx].n, ist("connection")) ||
                         isteq(list[hdr_idx].n, ist("proxy-connection")) ||
                         isteq(list[hdr_idx].n, ist("keep-alive")) ||
+                        isteq(list[hdr_idx].n, ist("upgrade")) ||
                         isteq(list[hdr_idx].n, ist("transfer-encoding"))) {
                        /* RFC 9114 4.2. HTTP Fields
                         *
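Review bot: The connection-specific header list is spelled out separately at all four sites this commit touches (h3_headers_to_htx here, then h3_trailers_to_htx, h3_resp_headers_send and h3_resp_trailers_send), which is why "upgrade" had to be added four times. Moving the common names into one file-local predicate would mean a future omission is fixed once, and the request and response paths could not drift apart; the two trailer sites would keep their extra "te" test next to the call. Since the commit is marked for backport to 2.6, this is probably better done as a follow-up than folded in here. The conditions in the trailer hunks start above the visible lines, so the sketch shows only the helper and the call site in this hunk.

```c
/* Returns non-zero if <n> is a connection-specific field name which
 * RFC 9114 4.2 forbids in HTTP/3 messages. <n> is expected in lowercase.
 */
static inline int h3_is_conn_hdr(const struct ist n)
{
	return isteq(n, ist("connection")) ||
	       isteq(n, ist("proxy-connection")) ||
	       isteq(n, ist("keep-alive")) ||
	       isteq(n, ist("upgrade")) ||
	       isteq(n, ist("transfer-encoding"));
}

/* ... unchanged: preceding branches of the header loop in h3_headers_to_htx ... */
		else if (h3_is_conn_hdr(list[hdr_idx].n)) {
```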
@@ -1058,6 +1059,7 @@ static ssize_t h3_trailers_to_htx(struct qcs *qcs, const struct buffer *buf,
                    isteq(list[hdr_idx].n, ist("connection")) ||
                    isteq(list[hdr_idx].n, ist("proxy-connection")) ||
                    isteq(list[hdr_idx].n, ist("keep-alive")) ||
+                   isteq(list[hdr_idx].n, ist("upgrade")) ||
                    isteq(list[hdr_idx].n, ist("te")) ||
                    isteq(list[hdr_idx].n, ist("transfer-encoding"))) {
                        TRACE_ERROR("forbidden HTTP/3 headers", H3_EV_RX_FRAME|H3_EV_RX_HDR, qcs->qcc->conn, qcs);
@@ -1689,6 +1691,7 @@ static int h3_resp_headers_send(struct qcs *qcs, struct htx *htx)
                if (isteq(list[hdr].n, ist("connection")) ||
                    isteq(list[hdr].n, ist("proxy-connection")) ||
                    isteq(list[hdr].n, ist("keep-alive")) ||
+                   isteq(list[hdr].n, ist("upgrade")) ||
                    isteq(list[hdr].n, ist("transfer-encoding"))) {
                        continue;
                }
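Review bot: The filter in h3_resp_headers_send (and the same list in h3_resp_trailers_send in the next hunk) compares names with isteq, an exact, case-sensitive match, so "upgrade" is dropped only if the name reaches this loop already lowercased. That is presumably guaranteed by how header names are stored in HTX, but nothing in the visible lines says so. A short comment above the condition would make the dependency explicit, for example `/* names are lowercase in HTX, exact match is enough */`. Without that guarantee, a backend response carrying `Upgrade` would be encoded into the HTTP/3 response unfiltered. The loop body continues outside the hunk.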
@@ -1857,6 +1860,7 @@ static int h3_resp_trailers_send(struct qcs *qcs, struct htx *htx)
                    isteq(list[hdr].n, ist("connection")) ||
                    isteq(list[hdr].n, ist("proxy-connection")) ||
                    isteq(list[hdr].n, ist("keep-alive")) ||
+                   isteq(list[hdr].n, ist("upgrade")) ||
                    isteq(list[hdr].n, ist("te")) ||
                    isteq(list[hdr].n, ist("transfer-encoding"))) {
                        continue;