
[master] a90f5425e http2_hpack: Enforce http_req_hdr_len limit
commit a90f5425e7b47420441ec4bd220c397de4739de0
Author: Dridi Boukelmoune <dridi.boukelmoune@gmail.com>
Date: Thu Mar 28 15:21:01 2024 +0100

http2_hpack: Enforce http_req_hdr_len limit

Refs #3709

diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
index 531c50307..b47dba507 100644
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -161,7 +161,7 @@ h2h_addhdr(struct http *hp, struct h2h_decode *d)
disallow_empty = 0;
has_dup = 0;

- if (Tlen(hdr) > UINT_MAX) { /* XXX: cache_param max header size */
+ if (Tlen(hdr) > cache_param->http_req_hdr_len) {
VSLb(hp->vsl, SLT_BogoHeader, "Header too large: %.20s", hdr.b);
return (H2SE_ENHANCE_YOUR_CALM);
}
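Review bot: The new bound in `if (Tlen(hdr) > cache_param->http_req_hdr_len)` applies to every entry that reaches this check, pseudo-headers included, as the accompanying test's expected `Header too large: :path` record shows. Because the log prints the field name from `hdr.b`, the measured length appears to cover the name as well as the value. This makes http_req_hdr_len the effective cap on URL length for h2 requests, which an operator sizing it for ordinary headers may not expect. I would record that where the removed XXX comment was, e.g. `/* Limit covers name + value, and pseudo-headers such as :path */`. h2h_addhdr starts and ends outside the hunk, so whether the HPACK decoder keeps consuming the rest of the block after this early return cannot be judged from here.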
diff --git a/bin/varnishtest/tests/r03709.vtc b/bin/varnishtest/tests/r03709.vtc
new file mode 100644
index 000000000..7439efba3
--- /dev/null
+++ b/bin/varnishtest/tests/r03709.vtc
@@ -0,0 +1,21 @@
+varnishtest "h2 req limits"
+
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set http_req_hdr_len 40b"
+varnish v1 -vcl {
+ backend be none;
+} -start
+
+logexpect l1 -v v1 -g raw -q BogoHeader {
+ expect 0 1001 BogoHeader "Header too large: :path"
+} -start
+
+client c1 {
+ stream next {
+ txreq -url ${string,repeat,4,/123456789}
+ rxrst
+ expect rst.err == ENHANCE_YOUR_CALM
+ } -run
+} -run
+
+logexpect l1 -wait
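Review bot: The test reaches the limit only through the `:path` pseudo-header, so neither an ordinary header nor the `>` boundary is pinned. A second stream with a regular field over 40 bytes, e.g. `txreq -hdr x-long ${string,repeat,4,/123456789}`, would catch a regression that exempts regular headers from the check. A stream whose largest header sits exactly at the limit and is not reset would guard against an accidental switch from `>` to `>=`. The `expect 0 1001` line also ties the log assertion to one specific vxid, which may need adjusting if streams are added ahead of the failing one.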