http2_hpack: Enforce http_req_hdr_len limit

Refs #3709

http2_hpack: Enforce http_req_hdr_len limit
Refs #3709
a90f5425 · Dridi Boukelmoune · cdcae28a · a90f5425 · a90f5425
Commit a90f5425 authored Mar 28, 2024 by Dridi Boukelmoune
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 1 deletion

cache_http2_hpack.c bin/varnishd/http2/cache_http2_hpack.c +1 -1

r03709.vtc bin/varnishtest/tests/r03709.vtc +21 -0

No files found.
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -161,7 +161,7 @@ h2h_addhdr(struct http *hp, struct h2h_decode *d)
 	disallow_empty = 0;
 	has_dup = 0;

-	if (Tlen(hdr) > UINT_MAX) {	/* XXX: cache_param max header size */
+	if (Tlen(hdr) > cache_param->http_req_hdr_len) {
 		VSLb(hp->vsl, SLT_BogoHeader, "Header too large: %.20s", hdr.b);
 		return (H2SE_ENHANCE_YOUR_CALM);
 	}

--- a/bin/varnishtest/tests/r03709.vtc
+++ b/bin/varnishtest/tests/r03709.vtc
+varnishtest "h2 req limits"
+
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set http_req_hdr_len 40b"
+varnish v1 -vcl {
+	backend be none;
+} -start
+
+logexpect l1 -v v1 -g raw -q BogoHeader {
+	expect 0 1001 BogoHeader "Header too large: :path"
+} -start
+
+client c1 {
+	stream next {
+		txreq -url ${string,repeat,4,/123456789}
+		rxrst
+		expect rst.err == ENHANCE_YOUR_CALM
+	} -run
+} -run
+
+logexpect l1 -wait