mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-01-15 22:01:01 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: h3: filter upgrade connection header

Browse Source 
As specified in RFC 9114, connection headers required special care in
HTTP/3. When a request is received with connection headers, the stream
is immediately closed. Conversely, when translating the response from
HTX, such headers are not encoded but silently ignored.

However, "upgrade" was not listed in connection headers. This commit
fixes this by adding a check on it both on request parsing and response
encoding.

This must be backported up to 2.6.
This commit is contained in:
Amaury Denoyelle 2025-04-16 11:20:42 +02:00
parent bd3587574d
commit 6403bfbce8
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/h3.c
View File

@ -839,6 +839,7 @@ static ssize_t h3_headers_to_htx(struct qcs *qcs, const struct buffer *buf,
else if (isteq(list[hdr_idx].n, ist("connection")) ||
isteq(list[hdr_idx].n, ist("proxy-connection")) ||
isteq(list[hdr_idx].n, ist("keep-alive")) ||
isteq(list[hdr_idx].n, ist("upgrade")) ||
isteq(list[hdr_idx].n, ist("transfer-encoding"))) {
/* RFC 9114 4.2. HTTP Fields
*
@ -1058,6 +1059,7 @@ static ssize_t h3_trailers_to_htx(struct qcs *qcs, const struct buffer *buf,
isteq(list[hdr_idx].n, ist("connection")) ||
isteq(list[hdr_idx].n, ist("proxy-connection")) ||
isteq(list[hdr_idx].n, ist("keep-alive")) ||
isteq(list[hdr_idx].n, ist("upgrade")) ||
isteq(list[hdr_idx].n, ist("te")) ||
isteq(list[hdr_idx].n, ist("transfer-encoding"))) {
TRACE_ERROR("forbidden HTTP/3 headers", H3_EV_RX_FRAME|H3_EV_RX_HDR, qcs->qcc->conn, qcs);
@ -1689,6 +1691,7 @@ static int h3_resp_headers_send(struct qcs *qcs, struct htx *htx)
if (isteq(list[hdr].n, ist("connection")) ||
isteq(list[hdr].n, ist("proxy-connection")) ||
isteq(list[hdr].n, ist("keep-alive")) ||
isteq(list[hdr].n, ist("upgrade")) ||
isteq(list[hdr].n, ist("transfer-encoding"))) {
continue;
}
@ -1857,6 +1860,7 @@ static int h3_resp_trailers_send(struct qcs *qcs, struct htx *htx)
isteq(list[hdr].n, ist("connection")) ||
isteq(list[hdr].n, ist("proxy-connection")) ||
isteq(list[hdr].n, ist("keep-alive")) ||
isteq(list[hdr].n, ist("upgrade")) ||
isteq(list[hdr].n, ist("te")) ||
isteq(list[hdr].n, ist("transfer-encoding"))) {
continue;