From 18b86cd074f8bfd67fa077b5e22b6b7528f72c8f Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sun, 3 Dec 2017 19:24:50 +0100
Subject: [PATCH] BUG/MINOR: h2: reject incorrect stream dependencies on
 HEADERS frame

We currently don't use stream dependencies, but as reported by h2spec,
the spec requires that we reject streams that depend on themselves in
HEADERS frames.

To backport to 1.8.
---
 src/mux_h2.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 771a3e602..a7e0c44e5 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2465,6 +2465,12 @@ static int h2_frt_decode_headers(struct h2s *h2s, struct buffer *buf, int count)
 
 	/* Skip StreamDep and weight for now (we don't support PRIORITY) */
 	if (h2c->dff & H2_F_HEADERS_PRIORITY) {
+		if (read_n32(hdrs) == h2s->id) {
+			/* RFC7540#5.3.1 : stream dep may not depend on itself */
+			h2c_error(h2c, H2_ERR_PROTOCOL_ERROR);
+			return 0;//goto fail_stream;
+		}
+
 		hdrs += 5; // stream dep = 4, weight = 1
 		flen -= 5;
 	}