Le 23/06/2026 à 12:06 PM, Andrea Cocito a écrit :
Hi,
this patch series follows GitHub issue #3426:
https://github.com/haproxy/haproxy/issues/3426
It fixes malformed HTTP/1.1 chunked output when an HTTP/3 request
without Content-Length is forwarded to an H1 backend. The bug was
observed with 3.4.0-fc300e9 and reproduced on current master. Without
the fix, a backend may receive a later chunk size derived from the
cumulative H3 DATA length, reject the request, and HAProxy returns 500
to the client.
Patch 1 updates the H3 unknown-length accounting to increment
qcs->sd->kip by the current DATA frame length instead of assigning the
cumulative h3s->data_len value.
Patch 2 adds a QUIC regression test. It fails against parent
1e144c488c612092067e07f18618482c64d33d17 with an oversized chunk
(BE6A) followed by EOF, and passes with the fix.
Validated with patched 3.4.0-fc300e9 on FreeBSD 15.1 against the same
H1 backend used in production, and with the new VTC on current master.
Please find attached:
0001-BUG-MEDIUM-h3-increment-unknown-request-payload-leng.patch
0002-REGTESTS-quic-test-H3-request-without-content-length.patch
Thanks, now merged !
--
Christopher Faulet