mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-25 06:53:03 +00:00
6c71e4696b
In hpack_dht_make_room(), we try to fulfill this rule from RFC7541#4.4 : "It is not an error to attempt to add an entry that is larger than the maximum size; an attempt to add an entry larger than the maximum size causes the table to be emptied of all existing entries and results in an empty table." Unfortunately it is not consistent with the way it's used in hpack_dht_insert() as this last one will consider a success as a confirmation it can copy the header into the table, and a failure as an indexing error. This results in the two following issues : - if a client sends too large a header into an empty table, this header may overflow the table. Fortunately, most clients send small headers like :authority first, and never mark headers that don't fit into the table as indexable since it is counter-productive ; - if a client sends too large a header into a populated table, the operation fails after the table is totally flushed and the request is not processed. This patch fixes the two issues at once : - a header not fitting into an empty table is always a sign that it will never fit ; - not fitting into the table is not an error. Thanks to Yves Lafon for reporting detailed traces demonstrating this issue. This fix must be backported to 1.8. |
||
---|---|---|
.. | ||
accept4.h | ||
base64.h | ||
buffer.h | ||
cfgparse.h | ||
chunk.h | ||
compat.h | ||
compiler.h | ||
config.h | ||
debug.h | ||
defaults.h | ||
epoll.h | ||
errors.h | ||
h2.h | ||
hash.h | ||
hathreads.h | ||
hpack-dec.h | ||
hpack-enc.h | ||
hpack-huff.h | ||
hpack-tbl.h | ||
http-hdr.h | ||
ist.h | ||
memory.h | ||
mini-clist.h | ||
namespace.h | ||
net_helper.h | ||
rbtree.h | ||
regex.h | ||
splice.h | ||
standard.h | ||
syscall.h | ||
template.h | ||
ticks.h | ||
time.h | ||
tools.h | ||
uri_auth.h | ||
version.h | ||
xref.h |