Skip to content

transport: http2 server must validates header list size when early aborting stream #8769

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joybestourous wants to merge 3 commits into
base: master
Choose a base branch
from
Open

transport: http2 server must validates header list size when early aborting stream #8769

joybestourous wants to merge 3 commits into from
+115 −44

Conversation

@joybestourous
Copy link
Contributor

@joybestourous joybestourous commented Dec 12, 2025

Modifies earlyAbortStreamHandler to include check the header list size when early aborting, and returns a RST_STREAM if the max size is exceeded.

Fixes #8766

RELEASE NOTES:

  • transport: http2 server now validates header list size when early aborting stream

@codecov
Copy link

codecov bot commented Dec 12, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 89.65517% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.38%. Comparing base (489f1f6) to head (472ec38).
⚠️ Report is 2 commits behind head on master.

Files with missing lines Patch % Lines
internal/transport/controlbuf.go 50.00% 1 Missing and 1 partial ⚠️
internal/transport/http2_server.go 95.74% 1 Missing and 1 partial ⚠️
test/servertester.go 71.42% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8769      +/-   ##
==========================================
- Coverage   83.42%   83.38%   -0.05%     
==========================================
  Files         419      419              
  Lines       32556    32576      +20     
==========================================
+ Hits        27161    27162       +1     
- Misses       4015     4028      +13     
- Partials     1380     1386       +6
Files with missing lines Coverage Δ
internal/transport/controlbuf.go 88.91% <50.00%> (+0.29%) ⬆️
internal/transport/http2_server.go 91.28% <95.74%> (+0.21%) ⬆️
test/servertester.go 61.67% <71.42%> (-0.44%) ⬇️

... and 19 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@eshitachandwani eshitachandwani self-requested a review December 16, 2025 04:25
@eshitachandwani eshitachandwani self-assigned this Dec 16, 2025
@easwars easwars added Type: Bug Area: Transport Includes HTTP/2 client/server and HTTP server handler transports and advanced transport features. labels Dec 16, 2025
@easwars easwars added this to the 1.79 Release milestone Dec 16, 2025
@easwars easwars removed their assignment Dec 16, 2025
@easwars easwars removed the request for review from eshitachandwani December 16, 2025 20:00
@easwars easwars assigned arjan-bal and unassigned eshitachandwani Dec 16, 2025
@easwars
Copy link
Contributor

easwars commented Dec 16, 2025

@eshitachandwani: I'm moving this to @arjan-bal for second review as he was the one who filed the issue in the first place.

arjan-bal
arjan-bal reviewed Dec 17, 2025
View reviewed changes
internal/transport/http2_server.go
contentSubtype: s.contentSubtype,
status: status.New(codes.Internal, errMsg),
rst: !frame.StreamEnded(),
maxSendHeaderListSize: t.maxSendHeaderListSize,
Copy link
Contributor

@arjan-bal arjan-bal Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe the controlBuf.mu mutex needs to be held while accessing t.maxSendHeaderListSize since the value can be updated while handling an HTTP/2 Settings frame from the peer. For the Settings to take effect, the server need to send a Settings ACK frame to the peer. The FIFO ordering of the controlbuf ensures that last ACKed settings are always respected.

I suggest using t.controlBuf.executeAndPut with a callback that validates the header size and enqueues earlyAbortStream if validation passes. If validation fails, call t.closeStream to close the stream with a RST frame. Let me know if this adds too much complexity.

@arjan-bal arjan-bal assigned joybestourous and unassigned arjan-bal Dec 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arjan-bal arjan-bal arjan-bal left review comments

@easwars easwars easwars approved these changes

Assignees

@joybestourous joybestourous

Labels

Area: Transport Includes HTTP/2 client/server and HTTP server handler transports and advanced transport features. Type: Bug

Projects

None yet

Milestone

1.79 Release

Development

Successfully merging this pull request may close these issues.

transport: http2 server must validate header list size when early aborting stream

4 participants

@joybestourous @easwars @arjan-bal @eshitachandwani