From f13ef96e70fc6365fa7bbc078df2393a70bfb2d2 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Thu, 2 Nov 2017 15:14:19 +0100
Subject: [PATCH] BUG/MEDIUM: h2: don't try to parse incomplete H1 responses

This situation which must not happen does in fact happen when feeding
artificial responses using errorfiles, Lua or an applet. For now it
causes the H1 response parser to loop forever trying to get a more
complete response. Since it cannot progress, let's return an error.
---
 src/mux_h2.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/mux_h2.c b/src/mux_h2.c
index bc1076884..2fffcdeca 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2552,10 +2552,10 @@ static int h2s_frt_make_resp_headers(struct h2s *h2s, struct buffer *buf)
 	ret = h1_headers_to_hdr_list(bo_ptr(buf), bo_ptr(buf) + buf->o,
 	                             list, sizeof(list)/sizeof(list[0]), h1m);
 	if (ret <= 0) {
-		if (!ret)
-			goto end; // missing input
-
-		/* Impossible to index the response.
+		/* incomplete or invalid response, this is abnormal coming from
+		 * haproxy and may only result in a bad errorfile or bad Lua code
+		 * so that won't be fixed, raise an error now.
+		 *
 		 * FIXME: we should instead add the ability to only return a
 		 * 502 bad gateway. But in theory this is not supposed to
 		 * happen.