Skip to content

transport: http2 server must validates header list size when early aborting stream #8769

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joybestourous wants to merge 5 commits into
base: master
Choose a base branch
from
Open

transport: http2 server must validates header list size when early aborting stream #8769

joybestourous wants to merge 5 commits into from
+100 −80

Conversation

@joybestourous
Copy link
Contributor

@joybestourous joybestourous commented Dec 12, 2025

Modifies earlyAbortStreamHandler to include check the header list size when early aborting, and returns a RST_STREAM if the max size is exceeded.

Fixes #8766

RELEASE NOTES:

  • transport: http2 server now validates header list size when early aborting stream

@codecov
Copy link

codecov bot commented Dec 12, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 87.50000% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.32%. Comparing base (489f1f6) to head (fdf518c).
⚠️ Report is 9 commits behind head on master.

Files with missing lines Patch % Lines
internal/transport/http2_server.go 93.75% 1 Missing and 1 partial ⚠️
test/servertester.go 71.42% 1 Missing and 1 partial ⚠️
internal/transport/controlbuf.go 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8769      +/-   ##
==========================================
- Coverage   83.42%   83.32%   -0.11%     
==========================================
  Files         419      418       -1     
  Lines       32556    32875     +319     
==========================================
+ Hits        27161    27394     +233     
- Misses       4015     4086      +71     
- Partials     1380     1395      +15
Files with missing lines Coverage Δ
internal/transport/controlbuf.go 90.60% <0.00%> (+1.98%) ⬆️
internal/transport/http2_server.go 90.91% <93.75%> (-0.16%) ⬇️
test/servertester.go 62.27% <71.42%> (+0.16%) ⬆️

... and 39 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@eshitachandwani eshitachandwani self-requested a review December 16, 2025 04:25
@eshitachandwani eshitachandwani self-assigned this Dec 16, 2025
@easwars easwars added Type: Bug Area: Transport Includes HTTP/2 client/server and HTTP server handler transports and advanced transport features. labels Dec 16, 2025
@easwars easwars added this to the 1.79 Release milestone Dec 16, 2025
@easwars easwars removed their assignment Dec 16, 2025
@easwars easwars removed the request for review from eshitachandwani December 16, 2025 20:00
@easwars easwars assigned arjan-bal and unassigned eshitachandwani Dec 16, 2025
@easwars
Copy link
Contributor

easwars commented Dec 16, 2025

@eshitachandwani: I'm moving this to @arjan-bal for second review as he was the one who filed the issue in the first place.

arjan-bal
arjan-bal reviewed Dec 17, 2025
View reviewed changes
@arjan-bal arjan-bal assigned joybestourous and unassigned arjan-bal Dec 17, 2025
@joybestourous joybestourous force-pushed the joy.bestourous/header-check branch from 41d5c22 to 2ceced5 Compare December 18, 2025 20:57
@joybestourous joybestourous removed their assignment Dec 18, 2025
@arjan-bal arjan-bal self-assigned this Dec 19, 2025
arjan-bal
arjan-bal reviewed Dec 22, 2025
View reviewed changes
Copy link
Contributor

@arjan-bal arjan-bal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly looks good, left some minor comments.

internal/transport/http2_server.go
}
if p := istatus.RawStatusProto(stat); len(p.GetDetails()) > 0 {
stBytes, err := proto.Marshal(p)
if err == nil {
Copy link
Contributor

@arjan-bal arjan-bal Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Can you please bring back the error log when protobuf serialization fails?

internal/transport/http2_server.go Outdated
Comment on lines 972 to 938
func (t *http2Server) checkForHeaderListSize(it any) bool {
if t.maxSendHeaderListSize == nil {
// checkForHeaderListSize checks if the header list size exceeds the limit set
// by the peer. It returns false if the limit is exceeded.
func checkForHeaderListSize(hf []hpack.HeaderField, maxSendHeaderListSize *uint32) bool {
Copy link
Contributor

@arjan-bal arjan-bal Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of adding a new function that accepts a []hpack.HeaderField, can the existing method be updated to func (t *http2Server) checkForHeaderListSize(hf []hpack.HeaderField) bool?

That should make diff smaller.

internal/transport/http2_server.go Outdated
status: status.New(codes.DeadlineExceeded, context.DeadlineExceeded.Error()),
rst: !frame.StreamEnded(),
})
t.writeEarlyAbort(s.id, s.contentSubtype, status.New(codes.DeadlineExceeded, context.DeadlineExceeded.Error()), http.StatusOK, !frame.StreamEnded())
Copy link
Contributor

@arjan-bal arjan-bal Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Can you move the definition of status to a new line to keep this line short?

st := status.New(codes.DeadlineExceeded, context.DeadlineExceeded.Error())
t.writeEarlyAbort(/*omitted*/)

internal/transport/http2_server.go Outdated
}

// buildEarlyAbortHF builds the header fields for an early abort response.
func buildEarlyAbortHF(httpStatus uint32, contentSubtype string, stat *status.Status) []hpack.HeaderField {
Copy link
Contributor

@arjan-bal arjan-bal Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Since there's only one caller for this function, can we merge it into writeEarlyAbort? We can split the method in the future if it becomes too long.

@arjan-bal arjan-bal assigned joybestourous and unassigned arjan-bal Dec 22, 2025
@joybestourous joybestourous removed their assignment Dec 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arjan-bal arjan-bal arjan-bal left review comments

@easwars easwars easwars approved these changes

Assignees

No one assigned

Labels

Area: Transport Includes HTTP/2 client/server and HTTP server handler transports and advanced transport features. Type: Bug

Projects

None yet

Milestone

1.79 Release

Development

Successfully merging this pull request may close these issues.

transport: http2 server must validate header list size when early aborting stream

4 participants

@joybestourous @easwars @arjan-bal @eshitachandwani