mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 23:27:04 +02:00
Code Issues Projects Releases Wiki Activity
12,768 Commits 16 Branches 394 Tags 180 MiB
C 98.1%
Shell 0.8%
Makefile 0.5%
Lua 0.2%
Python 0.2%
3ca2365904
Go to file
Willy Tarreau 3ca2365904 BUG/MEDIUM: h2: report frame bits only for handled types 
As part of his GREASE experiments on Chromium, Bence Béky reported in
https://lists.w3.org/Archives/Public/ietf-http-wg/2020JulSep/0202.html
and https://bugs.chromium.org/p/chromium/issues/detail?id=1127060 that
a certain combination of frame type and frame flags was causing an error
on app.slack.com. It turns out that it's haproxy that is causing this
issue because the frame type is wrongly assumed to support padding, the
frame flags indicate padding is present, and the frame is too short for
this, resulting in an error.

The reason why only some frame types are affected is due to the frame
type being used in a bit shift to match against a mask, and where the
5 lower bits of the frame type only are used to compute the frame bit.
If the resulting frame bit matches a DATA, HEADERS or PUSH_PROMISE frame
bit, then padding support is assumed and the test is enforced, resulting
in a PROTOCOL_ERROR or FRAME_SIZE_ERROR depending on the payload size.

We must never match any such bit for unsupported frame types so let's
add a check for this. This must be backported as far as 1.8.

Thanks to Cooper Bethea for providing enough context to help narrow the
issue down and to Bence Béky for creating a simple reproducer.
2020-09-18 08:05:03 +02:00
.github DOC: overhauling github issue templates 2020-08-17 20:29:27 +02:00
contrib BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address 2020-09-01 18:28:40 +02:00
doc MINOR: log-forward: use str2receiver() to parse the dgram-bind address 2020-09-16 22:08:08 +02:00
examples CLEANUP: assorted typo fixes in the code and comments 2020-06-26 11:27:28 +02:00
include BUG/MEDIUM: h2: report frame bits only for handled types 2020-09-18 08:05:03 +02:00
reg-tests MINOR: sample: Add iif(<true>,<false>) converter 2020-09-11 16:59:27 +02:00
scripts SCRIPTS: git-show-backports: emit the shell command to backport a commit 2020-07-31 16:57:35 +02:00
src BUG/MINOR: h2/trace: do not display "stream error" after a frame ACK 2020-09-18 07:41:28 +02:00
tests MEDIUM: config: make str2listener() not accept datagram sockets anymore 2020-09-16 22:08:08 +02:00
.cirrus.yml CI: cirrus-ci: exclude slow reg-tests 2020-07-04 06:58:14 +02:00
.gitattributes MINOR: Commit .gitattributes 2020-09-05 16:21:59 +02:00
.gitignore CLEANUP: Update .gitignore 2020-09-12 13:11:24 +02:00
.travis.yml CI: travis-ci: split asan step out of running tests 2020-09-15 09:02:07 +02:00
BRANCHES DOC: assorted typo fixes in the documentation 2020-03-09 14:45:58 +01:00
CHANGELOG [RELEASE] Released version 2.3-dev4 2020-09-11 17:05:59 +02:00
CONTRIBUTING DOC: Use gender neutral language 2020-07-26 22:35:43 +02:00
INSTALL MINOR: version: back to development, update status message 2020-07-07 16:38:51 +02:00
LICENSE LICENSE: add licence exception for OpenSSL 2012-09-07 13:52:26 +02:00
MAINTAINERS REORG: include: split hathreads into haproxy/thread.h and haproxy/thread-t.h 2020-06-11 10:18:56 +02:00
Makefile BUILD: makefile: change default value of CC from gcc to cc 2020-09-15 07:32:06 +02:00
README DOC: create a BRANCHES file to explain the life cycle 2019-06-15 22:00:14 +02:00
ROADMAP DOC: update the outdated ROADMAP file 2019-06-15 21:59:54 +02:00
SUBVERS BUILD: use format tags in VERDATE and SUBVERS files 2013-12-10 11:22:49 +01:00
VERDATE [RELEASE] Released version 2.3-dev4 2020-09-11 17:05:59 +02:00
VERSION [RELEASE] Released version 2.3-dev4 2020-09-11 17:05:59 +02:00

README 

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for :

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory :

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)