[jira] [Commented] (TS-3814) Treat requests with Connection header field as malformed
[ https://issues.apache.org/jira/browse/TS-3814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14659461#comment-14659461 ] ASF subversion and git services commented on TS-3814: - Commit 1c2ea99cff9de7044226fee9c9f02b4273abae53 in trafficserver's branch refs/heads/6.0.x from [~zwoop] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=1c2ea99 ] Merge branch 'master' into 6.0.x * master: TS-3822 clang-analyzer: Value stored to 'stream' during its initialization is never read TS-3824 Fix #include of pcre for a couple of plugins TS-3825 epic plugin does not compile on OmniOS TS-3824 Fix #include of pcre for a couple of plugins TS-3658 ASAN triggers when using the escalate.so plugin TS-3823 Fix tests for -lpthread since the previous commit breaks on FreeBSD TS-3823 Fix tests for -lpthread, and undo some of TS-3308. This retains the support for ASAN in a cleaner way TS-3823 ASAN makes us forget to add -ldl on the LIBS TS-3811 HTTP/2 window size must not exceed 2^31-1 TS-3497: Define Http2Error to classify errors TS-3799: Fix handling of padding in DATA frames TS-3814 Treat requests with Connection header field as malformed, as per specs TS-3782: Add normal scenario tests for HTTP/2 Treat requests with Connection header field as malformed Key: TS-3814 URL: https://issues.apache.org/jira/browse/TS-3814 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Ryo Okubo Fix For: 6.0.0 Attachments: fixed_sec8_1_2_2.patch, sec8_1_2_2.patch According to [Section 8.1.2.2 in RFC7540|https://tools.ietf.org/html/rfc7540#section-8.1.2.2], H2 requests with Connection header field should be treated as malformed. But current ATS passes them. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3814) Treat requests with Connection header field as malformed
[ https://issues.apache.org/jira/browse/TS-3814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14654702#comment-14654702 ] ASF subversion and git services commented on TS-3814: - Commit 14f0599e6342ae4944c95a052fc27c3c895b0d94 in trafficserver's branch refs/heads/master from [~rokubo] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=14f0599 ] TS-3814 Treat requests with Connection header field as malformed, as per specs Treat requests with Connection header field as malformed Key: TS-3814 URL: https://issues.apache.org/jira/browse/TS-3814 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Ryo Okubo Fix For: 6.0.0 Attachments: fixed_sec8_1_2_2.patch, sec8_1_2_2.patch According to [Section 8.1.2.2 in RFC7540|https://tools.ietf.org/html/rfc7540#section-8.1.2.2], H2 requests with Connection header field should be treated as malformed. But current ATS passes them. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3814) Treat requests with Connection header field as malformed
[ https://issues.apache.org/jira/browse/TS-3814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14653989#comment-14653989 ] Leif Hedstrom commented on TS-3814: --- [~masaori] [~rokubo] Any thoughts on my comment? Treat requests with Connection header field as malformed Key: TS-3814 URL: https://issues.apache.org/jira/browse/TS-3814 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Ryo Okubo Fix For: 6.0.0 Attachments: sec8_1_2_2.patch According to [Section 8.1.2.2 in RFC7540|https://tools.ietf.org/html/rfc7540#section-8.1.2.2], H2 requests with Connection header field should be treated as malformed. But current ATS passes them. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3814) Treat requests with Connection header field as malformed
[ https://issues.apache.org/jira/browse/TS-3814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14654603#comment-14654603 ] Ryo Okubo commented on TS-3814: --- [~zwoop] The patch on your comment works correctly. I updated my patch based on your advice. I'll try replacing other strcmp()s. Treat requests with Connection header field as malformed Key: TS-3814 URL: https://issues.apache.org/jira/browse/TS-3814 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Ryo Okubo Fix For: 6.0.0 Attachments: fixed_sec8_1_2_2.patch, sec8_1_2_2.patch According to [Section 8.1.2.2 in RFC7540|https://tools.ietf.org/html/rfc7540#section-8.1.2.2], H2 requests with Connection header field should be treated as malformed. But current ATS passes them. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3814) Treat requests with Connection header field as malformed
[ https://issues.apache.org/jira/browse/TS-3814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14654699#comment-14654699 ] Leif Hedstrom commented on TS-3814: --- Great, thanks. I'm going to commit this one, and close this Jira. Please open another Jira to possibly fix those other places where we use strncasecmp() etc. instead of WKS comparisons. Treat requests with Connection header field as malformed Key: TS-3814 URL: https://issues.apache.org/jira/browse/TS-3814 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Ryo Okubo Fix For: 6.0.0 Attachments: fixed_sec8_1_2_2.patch, sec8_1_2_2.patch According to [Section 8.1.2.2 in RFC7540|https://tools.ietf.org/html/rfc7540#section-8.1.2.2], H2 requests with Connection header field should be treated as malformed. But current ATS passes them. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3814) Treat requests with Connection header field as malformed
[ https://issues.apache.org/jira/browse/TS-3814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14652739#comment-14652739 ] Leif Hedstrom commented on TS-3814: --- Are you sure you can't just do e.g. {code} diff --git a/proxy/http2/HTTP2.cc b/proxy/http2/HTTP2.cc index 26c7d57..75da32e 100644 --- a/proxy/http2/HTTP2.cc +++ b/proxy/http2/HTTP2.cc @@ -701,7 +701,7 @@ http2_parse_header_fragment(HTTPHdr *hdr, IOVec iov, Http2DynamicTable dynamic_ } // rfc7540,sec8.1.2.2: Any message containing connection-specific header fields MUST be treated as malformed -if (ptr_len_casecmp(name, name_len, MIME_FIELD_CONNECTION, MIME_LEN_CONNECTION) == 0) { +if (name == MIME_FIELD_CONNECTION) { return HPACK_ERROR_HTTP2_PROTOCOL_ERROR; } {code} Treat requests with Connection header field as malformed Key: TS-3814 URL: https://issues.apache.org/jira/browse/TS-3814 Project: Traffic Server Issue Type: Bug Components: HTTP/2 Reporter: Ryo Okubo Fix For: 6.0.0 Attachments: sec8_1_2_2.patch According to [Section 8.1.2.2 in RFC7540|https://tools.ietf.org/html/rfc7540#section-8.1.2.2], H2 requests with Connection header field should be treated as malformed. But current ATS passes them. -- This message was sent by Atlassian JIRA (v6.3.4#6332)