Skip to content

V
varnish-cache
Commit 7ccffe7b authored by Dridi Boukelmoune's avatar Dridi Boukelmoune
Browse files
Options

http2_hpack: Enforce http_req_size limit 

Fixes #3709
Closes #3892
parent 97e83ddb
Show whitespace changes
Inline Side-by-side
Showing with 31 additions and 3 deletions
bin/varnishd/http2/cache_http2_hpack.c
View file @ 7ccffe7b
...@@ -269,7 +269,8 @@ h2h_decode_init(const struct h2_sess *h2) ...@@ -269,7 +269,8 @@ h2h_decode_init(const struct h2_sess *h2)
d = h2->decode; d = h2->decode;
INIT_OBJ(d, H2H_DECODE_MAGIC); INIT_OBJ(d, H2H_DECODE_MAGIC);
VHD_Init(d->vhd); VHD_Init(d->vhd);
d->out_l = WS_ReserveAll(h2->new_req->http->ws); d->out_l = WS_ReserveSize(h2->new_req->http->ws,
cache_param->http_req_size);
/* /*
* Can't do any work without any buffer * Can't do any work without any buffer
* space. Require non-zero size. * space. Require non-zero size.
...@@ -310,6 +311,10 @@ h2h_decode_fini(const struct h2_sess *h2) ...@@ -310,6 +311,10 @@ h2h_decode_fini(const struct h2_sess *h2)
} else } else
ret = d->error; ret = d->error;
FINI_OBJ(d); FINI_OBJ(d);
if (ret == H2SE_REQ_SIZE) {
VSLb(h2->new_req->http->vsl, SLT_LostHeader,
"Header list too large");
}
return (ret); return (ret);
} }
......
bin/varnishtest/tests/r03709.vtc
View file @ 7ccffe7b
...@@ -2,17 +2,40 @@ varnishtest "h2 req limits" ...@@ -2,17 +2,40 @@ varnishtest "h2 req limits"
varnish v1 -cliok "param.set feature +http2" varnish v1 -cliok "param.set feature +http2"
varnish v1 -cliok "param.set http_req_hdr_len 40b" varnish v1 -cliok "param.set http_req_hdr_len 40b"
varnish v1 -cliok "param.set http_req_size 512b"
varnish v1 -vcl { varnish v1 -vcl {
backend be none; backend be none;
} -start } -start
logexpect l1 -v v1 -g raw -q BogoHeader { logexpect l1 -v v1 -g raw -q BogoHeader,LostHeader {
expect 0 1001 BogoHeader "Header too large: :path" expect 0 1001 BogoHeader "Header too large: :path"
expect 0 1002 LostHeader "Header list too large"
} -start } -start
client c1 { client c1 {
stream next { stream next {
txreq -url ${string,repeat,4,/123456789} txreq -url ${string,repeat,4,/123456789} \
-hdr limit http_req_hdr_len
rxrst
expect rst.err == ENHANCE_YOUR_CALM
} -run
stream next {
txreq -url "/http_req_size" \
-hdr hdr1 ${string,repeat,3,/123456789} \
-hdr hdr2 ${string,repeat,3,/123456789} \
-hdr hdr3 ${string,repeat,3,/123456789} \
-hdr hdr4 ${string,repeat,3,/123456789} \
-hdr hdr5 ${string,repeat,3,/123456789} \
-hdr hdr6 ${string,repeat,3,/123456789} \
-hdr hdr7 ${string,repeat,3,/123456789} \
-hdr hdr8 ${string,repeat,3,/123456789} \
-hdr hdr9 ${string,repeat,3,/123456789} \
-hdr hdr10 ${string,repeat,3,/123456789} \
-hdr hdr11 ${string,repeat,3,/123456789} \
-hdr hdr12 ${string,repeat,3,/123456789} \
-hdr hdr13 ${string,repeat,3,/123456789} \
-hdr hdr14 ${string,repeat,3,/123456789}
rxrst rxrst
expect rst.err == ENHANCE_YOUR_CALM expect rst.err == ENHANCE_YOUR_CALM
} -run } -run
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment