From a80dca85350bbc14dd450cdb26ebb84733d57e87 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 24 Jan 2019 17:08:28 +0100 Subject: [PATCH] BUG/MINOR: mux-h2: refuse to allocate a stream with too high an ID One of the reasons for the excessive number of aborted requests when a server sets a limit on the highest stream ID is that we don't check this limit while allocating a new stream. This patch does this at two locations : - when a backend stream is allocated, we verify that there are still IDs left ; - when the ID is assigned, we verify that it's not higher than the advertised limit. This should be backported to 1.9. --- src/mux_h2.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/mux_h2.c b/src/mux_h2.c index 57bf46946..21796c356 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -547,7 +547,8 @@ static int h2_init(struct connection *conn, struct proxy *prx, struct session *s static inline int32_t h2c_get_next_sid(const struct h2c *h2c) { int32_t id = (h2c->max_id + 1) | 1; - if (id & 0x80000000U) + + if ((id & 0x80000000U) || (h2c->last_sid >= 0 && id > h2c->last_sid)) id = -1; return id; } @@ -954,6 +955,9 @@ static struct h2s *h2c_bck_stream_new(struct h2c *h2c, struct conn_stream *cs, s if (h2c->nb_streams >= h2_settings_max_concurrent_streams) goto out; + if (h2_streams_left(h2c) < 1) + goto out; + /* Defer choosing the ID until we send the first message to create the stream */ h2s = h2s_new(h2c, 0); if (!h2s)