LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24255 Commits
1 Branch
46 MiB
Tree: 9d67bfbe3b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9d67bfbe3b'
${ noResults }
openwrt-packages-dist/net/lighttpd/patches/080-http2-data-after-respon...

145 lines
5.7 KiB
Raw Normal View History

lighttpd: patches from upstream - ignore Content-Length from backend if 101 Switching Protocols - close HTTP/2 connection after bad password - skip cert chain build for self-issued certs - meson zstd fix - ls-hpack upstream update - discard some HTTP/2 DATA frames received after response Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
3 years ago
 
  1. From 81d18a8e359685c169cfd30e6a1574b98aedbaeb Mon Sep 17 00:00:00 2001
  2. From: Glenn Strauss <gstrauss@gluelogic.com>
  3. Date: Thu, 22 Apr 2021 01:11:47 -0400
  4. Subject: [PATCH] [core] discard some HTTP/2 DATA after response (fixes #3078)
  5. 

  6. (thx oldium)
  7.     
  8. improve handling of HTTP/2 DATA frames received
  9. a short time after sending response
  10. 

  11. x-ref:
  12.   "POST request DATA part for non-existing URI closes HTTP/2 connection prematurely"
  13.   https://redmine.lighttpd.net/issues/3078
  14. 

  15. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  16. ---

  17.  src/h2.c | 64 ++++++++++++++++++++++++++++++++++++++++++--------------
  18.  src/h2.h |  1 +
  19.  2 files changed, 49 insertions(+), 16 deletions(-)
  20. 

  21. --- a/src/h2.c

  22. +++ b/src/h2.c

  23. @@ -272,10 +272,23 @@ h2_send_rst_stream_id (uint32_t h2id, co

  24.  
  25.  __attribute_cold__
  26.  static void
  27. -h2_send_rst_stream (request_st * const r, connection * const con, const request_h2error_t e)

  28. +h2_send_rst_stream_state (request_st * const r, h2con * const h2c)

  29.  {
  30. +    if (r->h2state != H2_STATE_HALF_CLOSED_REMOTE

  31. +        && r->h2state != H2_STATE_CLOSED) {

  32. +        /* set timestamp for comparison; not tracking individual stream ids */

  33. +        h2c->half_closed_ts = log_epoch_secs;

  34. +    }

  35.      r->state = CON_STATE_ERROR;
  36.      r->h2state = H2_STATE_CLOSED;
  37. +}

  38. +

  39. +

  40. +__attribute_cold__

  41. +static void

  42. +h2_send_rst_stream (request_st * const r, connection * const con, const request_h2error_t e)

  43. +{

  44. +    h2_send_rst_stream_state(r, con->h2);/*(sets r->h2state = H2_STATE_CLOSED)*/

  45.      h2_send_rst_stream_id(r->h2id, con, e);
  46.  }
  47.  
  48. @@ -289,13 +302,10 @@ h2_send_goaway_rst_stream (connection *

  49.      for (uint32_t i = 0, rused = h2c->rused; i < rused; ++i) {
  50.          request_st * const r = h2c->r[i];
  51.          if (r->h2state == H2_STATE_CLOSED) continue;
  52. +        h2_send_rst_stream_state(r, h2c);/*(sets r->h2state = H2_STATE_CLOSED)*/

  53.          /*(XXX: might consider always sending RST_STREAM)*/
  54. -        if (!sent_goaway) {

  55. -            r->state = CON_STATE_ERROR;

  56. -            r->h2state = H2_STATE_CLOSED;

  57. -        }

  58. -        else /*(also sets r->h2state = H2_STATE_CLOSED)*/

  59. -            h2_send_rst_stream(r, con, H2_E_PROTOCOL_ERROR);

  60. +        if (sent_goaway)

  61. +            h2_send_rst_stream_id(r->h2id, con, H2_E_PROTOCOL_ERROR);

  62.      }
  63.  }
  64.  
  65. @@ -780,14 +790,27 @@ h2_recv_data (connection * const con, co

  66.      }
  67.      chunkqueue * const cq = con->read_queue;
  68.      if (NULL == r) {
  69. -        /* XXX: TODO: might need to keep a list of recently retired streams

  70. -         * for a few seconds so that if we send RST_STREAM, then we ignore

  71. -         * further DATA and do not send connection error, though recv windows

  72. -         * still must be updated. */

  73. -        if (h2c->h2_cid < id || (!h2c->sent_goaway && 0 != alen))

  74. -            h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR);

  75. +        /* simplistic heuristic to discard additional DATA from recently-closed

  76. +         * streams (or half-closed (local)), where recently-closed here is

  77. +         * within 2-3 seconds of any (other) stream being half-closed (local)

  78. +         * or reset before that (other) stream received END_STREAM from peer.

  79. +         * (e.g. clients might fire off POST request followed by DATA,

  80. +         *  and a response might be sent before processing DATA frames)

  81. +         * (id <= h2c->h2_cid) already checked above, else H2_E_PROTOCOL_ERROR

  82. +         * If the above conditions do not hold, then send GOAWAY to attempt to

  83. +         * reduce the chance of becoming an infinite data sink for misbehaving

  84. +         * clients, though remaining streams are still handled before the

  85. +         * connection is closed. */

  86.          chunkqueue_mark_written(cq, 9+len);
  87. -        return 0;

  88. +        if (h2c->half_closed_ts + 2 >= log_epoch_secs) {

  89. +            h2_send_window_update(con, 0, len); /*(h2r->h2_rwin)*/

  90. +            return 1;

  91. +        }

  92. +        else {

  93. +            if (!h2c->sent_goaway && 0 != alen)

  94. +                h2_send_goaway_e(con, H2_E_NO_ERROR);

  95. +            return 0;

  96. +        }

  97.      }
  98.  
  99.      if (r->h2state == H2_STATE_CLOSED
  100. @@ -808,7 +831,7 @@ h2_recv_data (connection * const con, co

  101.          }
  102.      }
  103.      /*(allow h2r->h2_rwin to dip below 0 so that entire frame is processed)*/
  104. -    /*(undeflow will not occur (with reasonable SETTINGS_MAX_FRAME_SIZE used)

  105. +    /*(underflow will not occur (with reasonable SETTINGS_MAX_FRAME_SIZE used)

  106.       * since windows updated elsewhere and data is streamed to temp files if
  107.       * not FDEVENT_STREAM_REQUEST_BUFMIN)*/
  108.      /*r->h2_rwin -= (int32_t)len;*/
  109. @@ -2347,16 +2370,25 @@ h2_send_end_stream_data (request_st * co

  110.      } };
  111.  
  112.      dataframe.u[2] = htonl(r->h2id);
  113. -    r->h2state = H2_STATE_CLOSED;

  114.      /*(ignore window updates when sending 0-length DATA frame with END_STREAM)*/
  115.      chunkqueue_append_mem(con->write_queue,  /*(+3 to skip over align pad)*/
  116.                            (const char *)dataframe.c+3, sizeof(dataframe)-3);
  117. +

  118. +    if (r->h2state != H2_STATE_HALF_CLOSED_REMOTE) {

  119. +        /* set timestamp for comparison; not tracking individual stream ids */

  120. +        h2con * const h2c = con->h2;

  121. +        h2c->half_closed_ts = log_epoch_secs;

  122. +        /* indicate to peer that no more DATA should be sent from peer */

  123. +        h2_send_rst_stream_id(r->h2id, con, H2_E_NO_ERROR);

  124. +    }

  125. +    r->h2state = H2_STATE_CLOSED;

  126.  }
  127.  
  128.  
  129.  void
  130.  h2_send_end_stream (request_st * const r, connection * const con)
  131.  {
  132. +    if (r->h2state == H2_STATE_CLOSED) return;

  133.      if (r->state != CON_STATE_ERROR && r->resp_body_finished) {
  134.          /* CON_STATE_RESPONSE_END */
  135.          if (r->gw_dechunk && r->gw_dechunk->done
  136. --- a/src/h2.h

  137. +++ b/src/h2.h

  138. @@ -92,6 +92,7 @@ struct h2con {

  139.      uint32_t s_max_header_list_size;   /* SETTINGS_MAX_HEADER_LIST_SIZE   */
  140.      struct lshpack_dec decoder;
  141.      struct lshpack_enc encoder;
  142. +      time_t half_closed_ts;

  143.  };
  144.  
  145.  void h2_send_goaway (connection *con, request_h2error_t e);