fix(client-certificates): avoid HTTP/2 crash when upstream TLS fails #41114
yury-s wants to merge 1 commit into
When the upstream TLS handshake fails and the browser negotiated h2, the proxy answers with a 503 over HTTP/2. For GET requests the browser sends END_STREAM together with the HEADERS frame, so the stream 'end' event could fire and run cleanup before the 503 DATA write completed. Destroying the socket mid-write crashes the http2 session with an `is_write_in_progress()` assertion (SIGABRT). Drop the 'end' listener and queue cleanup right after stream.end(), relying on setImmediate FIFO ordering to flush the DATA write first. Fixes: microsoft#41105
Test results for "MCP": 7230 passed, 1103 skipped. Merge workflow run.
Test results for "tests 1": 8 failed, 2 flaky, 39549 passed, 775 skipped. Merge workflow run.
Summary
- In `socksClientCertificatesInterceptor`, cleanup was registered on the stream's `'end'` event. For GET requests the browser sends `END_STREAM` with the HEADERS frame, so `'end'` can fire and tear down the socket before the 503 DATA write completes — crashing the http2 session with a `CHECK(is_write_in_progress())` assertion (SIGABRT).
- Drop the `'end'` listener and queue cleanup right after `stream.end()`, relying on `setImmediate` FIFO ordering to flush the DATA write first.

Note: the crash is a hard-to-hit race that depends on Node's internal http2 write accounting. I confirmed the faulty ordering (cleanup running before the response write finishes) but could not trigger the SIGABRT on Node 22.1–22.22 or 26; the fix removes the latent ordering hazard regardless.
Fixes #41105
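
The ordering described above, as an added example that is not Playwright's code: a loopback server answers a GET with 503, queues cleanup with `setImmediate` right after `stream.end()`, and the client checks that the whole body still arrives before the socket is destroyed. The plain-TCP (h2c) setup, `runDemo`, `BODY` and the trace labels are assumptions made for the demo.

```javascript
// Added example, not Playwright's code. Names and the h2c setup are assumptions.
const http2 = require('node:http2');

const BODY = 'upstream TLS handshake failed'; // constructed 503 body

function runDemo() {
  return new Promise((resolve, reject) => {
    const trace = []; // server-side events in the order they were observed
    let rawSocket; // the demo has a single client connection
    const server = http2.createServer();
    server.on('connection', (socket) => { rawSocket = socket; });
    server.on('error', reject);
    server.on('stream', (stream) => {
      stream.on('error', () => {});
      // Old trigger, only recorded here: a GET carries END_STREAM on HEADERS,
      // so 'end' does not wait for the response body to be written.
      stream.on('end', () => trace.push('end'));
      stream.resume();
      stream.respond({ ':status': 503, 'content-type': 'text/plain' });
      stream.end(BODY);
      // Approach from the PR: queue cleanup right after stream.end().
      setImmediate(() => {
        trace.push('cleanup');
        rawSocket.destroy();
      });
    });
    server.listen(0, '127.0.0.1', () => {
      const client = http2.connect(`http://127.0.0.1:${server.address().port}`);
      client.on('error', () => {}); // the server drops the connection on purpose
      const req = client.request({ ':path': '/' }); // GET, no request body
      let status;
      let body = '';
      req.setEncoding('utf8');
      req.on('response', (headers) => { status = headers[':status']; });
      req.on('data', (chunk) => { body += chunk; });
      req.on('error', reject);
      req.on('close', () => {
        client.close();
        server.close();
        resolve({ status, body, trace });
      });
    });
  });
}

runDemo().then((result) => console.log(result));
```

The returned `trace` shows where `'end'` fell relative to `cleanup` on the Node version in use, which is the ordering a regression test for this fix would watch.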