From f065d0009888c394e5f93dfdaa2ae79958b2c2e2 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 15 Nov 2024 10:25:20 +0100
Subject: [PATCH] BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams
 with no ID

On server side, the H2 stream is first created with an unassigned ID (ID ==
0). Its ID is assigned when the request is emitted, before formatting the
HEADERS frame. However, the session may be aborted during that stage. We
must take care to not emit RST_STREAM frame for this stream, because it does
not exist yet for the server.

It is especially important to do so because, depending on the timing, it may
also happens before the H2 PREFACE was sent.

This patch must be backported to all stable versions. It is related to issue
---
 src/mux_h2.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 8910a909ac..131db2f77f 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2366,8 +2366,10 @@ static int h2s_send_rst_stream(struct h2c *h2c, struct h2s *h2s)
 
 	/* RFC7540#5.4.2: To avoid looping, an endpoint MUST NOT send a
 	 * RST_STREAM in response to a RST_STREAM frame.
+	 *
+	 * if h2s is not assigned yet (id == 0), don't send a RST_STREAM frame.
 	 */
-	if (h2c->dsi == h2s->id && h2c->dft == H2_FT_RST_STREAM) {
+	if ((h2s->id == 0) || (h2c->dsi == h2s->id && h2c->dft == H2_FT_RST_STREAM)) {
 		ret = 1;
 		goto ignore;
 	}