BUG/MEDIUM: h3: do not crash on invalid response status code

A crash occurs in h3_resp_headers_send() if an invalid response code is
received from the backend side. Fix this by properly flagging the
connection on error. This will cause a CONNECTION_CLOSE.

This should fix github issue #2422.

Big thanks to ygkim (@yokim-git) for his help and reactivity. Initially,
GDB reported an invalid code source location due to heavy function
inlining inside h3_snd_buf(). The issue was found after using the -Og flag.

This must be backported up to 2.6.
Amaury Denoyelle 2024-01-29 13:47:44 +01:00
parent df5cf9123f
commit 5d2fe1871a

@ -1563,8 +1563,11 @@ static int h3_resp_headers_send(struct qcs *qcs, struct htx *htx)
qcs->qcc->conn, qcs);
if (qpack_encode_field_section_line(&headers_buf))
ABORT_NOW();
if (qpack_encode_int_status(&headers_buf, status))
ABORT_NOW();
if (qpack_encode_int_status(&headers_buf, status)) {
TRACE_ERROR("invalid status code", H3_EV_TX_FRAME|H3_EV_TX_HDR, qcs->qcc->conn, qcs);
h3c->err = H3_INTERNAL_ERROR;
goto err;
}
for (hdr = 0; hdr < sizeof(list) / sizeof(list[0]); ++hdr) {
if (isteq(list[hdr].n, ist("")))
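
Review bot: the qpack_encode_field_section_line() check directly above the changed lines still ends in ABORT_NOW(), so h3_resp_headers_send() keeps a process-abort path next to the one being removed. If that call can fail for any reason that depends on the response or on the state of headers_buf, it should take the same route as the new status branch (TRACE_ERROR, set h3c->err, goto err); if it cannot fail at this point, a one-line comment saying why would prevent the same question later. Separately, the commit message says setting h3c->err results in a CONNECTION_CLOSE, which means a single invalid status from one backend response tears down every stream on that connection; it is worth stating in a comment on the new branch why a connection-level error is preferred here over failing only this qcs. The err label is outside the visible context, so please confirm it copes with headers_buf already holding the encoded field section line when the jump is taken.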