http2_hpack: Enforce http_req_size limit

Fixes #3709 Closes #3892
varnishcache · Mar 29, 2024 · 7ccffe7 · 7ccffe7
1 parent 97e83dd
commit 7ccffe7
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
@@ -269,7 +269,8 @@ h2h_decode_init(const struct h2_sess *h2)
 	d = h2->decode;
 	INIT_OBJ(d, H2H_DECODE_MAGIC);
 	VHD_Init(d->vhd);
-	d->out_l = WS_ReserveAll(h2->new_req->http->ws);
+	d->out_l = WS_ReserveSize(h2->new_req->http->ws,
+	    cache_param->http_req_size);
 	/*
 	 * Can't do any work without any buffer
 	 * space. Require non-zero size.
@@ -310,6 +311,10 @@ h2h_decode_fini(const struct h2_sess *h2)
 	} else
 		ret = d->error;
 	FINI_OBJ(d);
+	if (ret == H2SE_REQ_SIZE) {
+		VSLb(h2->new_req->http->vsl, SLT_LostHeader,
+		    "Header list too large");
+	}
 	return (ret);
 }
 

diff --git a/bin/varnishtest/tests/r03709.vtc b/bin/varnishtest/tests/r03709.vtc
@@ -2,17 +2,40 @@ varnishtest "h2 req limits"
 
 varnish v1 -cliok "param.set feature +http2"
 varnish v1 -cliok "param.set http_req_hdr_len 40b"
+varnish v1 -cliok "param.set http_req_size 512b"
 varnish v1 -vcl {
 	backend be none;
 } -start
 
-logexpect l1 -v v1 -g raw -q BogoHeader {
+logexpect l1 -v v1 -g raw -q BogoHeader,LostHeader {
 	expect 0 1001 BogoHeader "Header too large: :path"
+	expect 0 1002 LostHeader "Header list too large"
 } -start
 
 client c1 {
 	stream next {
-		txreq -url ${string,repeat,4,/123456789}
+		txreq -url ${string,repeat,4,/123456789} \
+			-hdr limit http_req_hdr_len
+		rxrst
+		expect rst.err == ENHANCE_YOUR_CALM
+	} -run
+
+	stream next {
+		txreq -url "/http_req_size" \
+			-hdr hdr1 ${string,repeat,3,/123456789} \
+			-hdr hdr2 ${string,repeat,3,/123456789} \
+			-hdr hdr3 ${string,repeat,3,/123456789} \
+			-hdr hdr4 ${string,repeat,3,/123456789} \
+			-hdr hdr5 ${string,repeat,3,/123456789} \
+			-hdr hdr6 ${string,repeat,3,/123456789} \
+			-hdr hdr7 ${string,repeat,3,/123456789} \
+			-hdr hdr8 ${string,repeat,3,/123456789} \
+			-hdr hdr9 ${string,repeat,3,/123456789} \
+			-hdr hdr10 ${string,repeat,3,/123456789} \
+			-hdr hdr11 ${string,repeat,3,/123456789} \
+			-hdr hdr12 ${string,repeat,3,/123456789} \
+			-hdr hdr13 ${string,repeat,3,/123456789} \
+			-hdr hdr14 ${string,repeat,3,/123456789}
 		rxrst
 		expect rst.err == ENHANCE_YOUR_CALM
 	} -run