Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

quiche: Fix crash in Quic listener upon request without authority #15799

Merged
merged 2 commits into from
Apr 2, 2021
Merged

quiche: Fix crash in Quic listener upon request without authority #15799

merged 2 commits into from
Apr 2, 2021

Conversation

danzh2010
Copy link
Contributor

Signed-off-by: Dan Zhang [email protected]

Commit Message: Fix a recent regression where Quic listener crash while decoding request headers without :authority field.

Risk Level: low, WIP feature.
Testing: added integration test

@moderation
Copy link
Contributor

I think this is related to testing with https://github.com/kazu-yamamoto/h3spec/

Original CID: 67561517f79bac11
handshakeClientConnection: NextVersion Draft29
Original CID: 396a54847c68fd3f
Version: Draft29
Cipher: AES256GCM-SHA384
ALPN: h3-29
Mode: FullHandshake
Local CID: 4e797cace3c212bd
Remote CID: 396a54847c68fd3f
Local SockAddr: [fd7a:115c:a1e0:ab12:4843:cd96:6259:f77d]:56541
Remote SockAddr: [fd7a:115c:a1e0:ab12:4843:cd96:6259:f77d]:4433
readerClient: Network.Socket.recvBuf: does not exist (Connection refused)
sender: Network.Socket.ByteString.sendMany: does not exist (Connection refused)
  MUST send H3_MESSAGE_ERROR if mandatory pseudo-header fields are absent [HTTP/3 4.1.3] FAILED [10]

[2021-03-29 15:30:23.674][458474][debug][quic_stream] [source/common/quic/envoy_quic_server_stream.cc:62] [C4270600207827630722][S0] encodeHeaders (end_stream=false) ':status', '400'                                                                                                                                                                          
'server', 'envoy'                                                                                                                                                               
'date', 'Mon, 29 Mar 2021 22:30:23 GMT'                                                                                                                                         
'content-type', 'text/html'                                                                                                                                                     
'content-length', '122'                                                                                                                                                         
'x-envoy-upstream-service-time', '387'                                                                                                                                          
.                                                                                                                                                                               
[2021-03-29 15:30:23.674][458474][debug][client] [source/common/http/codec_client.cc:122] [C0] response complete                                                                
[2021-03-29 15:30:23.674][458474][debug][pool] [source/common/conn_pool/conn_pool_base.cc:199] [C0] destroying stream: 0 remaining                                              
[2021-03-29 15:30:23.674][458474][debug][quic_stream] [source/common/quic/envoy_quic_server_stream.cc:87] [C4270600207827630722][S0] encodeData (end_stream=true) of 122 bytes. 
[2021-03-29 15:30:23.675][458474][debug][http2] [source/common/http/http2/codec_impl.cc:999] [C0] stream closed: 0                                                              
[2021-03-29 15:30:23.903][458474][debug][http] [source/common/http/conn_manager_impl.cc:259] [C16503042738206918425] new stream                                                 
[2021-03-29 15:30:23.903][458474][debug][quic_stream] [source/common/quic/envoy_quic_server_stream.cc:160] [C16503042738206918425][S0] Received headers: { :method=GET, :scheme=https, :path=/, }.                                                                                                                                                              
fish: "~/Library/envoy/envoy --concurr…" terminated by signal SIGSEGV (Address boundary error)

alyssawilk
alyssawilk reviewed Apr 1, 2021
View reviewed changes
source/common/quic/envoy_quic_server_stream.cc
@@ -142,7 +142,7 @@ void EnvoyQuicServerStream::OnInitialHeadersComplete(bool fin, size_t frame_len,
}
std::unique_ptr<Http::RequestHeaderMapImpl> headers =
quicHeadersToEnvoyHeaders<Http::RequestHeaderMapImpl>(header_list);
if (!Http::HeaderUtility::authorityIsValid(headers->Host()->value().getStringView())) {
if (Http::HeaderUtility::requestHeadersValid(*headers) != absl::nullopt) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

Want to set details here or wait and add them all at once?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will set invalid http header response code in #15753

@danzh2010
Copy link
Contributor Author

/assign @mattklein123

@mattklein123 mattklein123 merged commit ffe7bbd into envoyproxy:main Apr 2, 2021
@moderation
Copy link
Contributor

@danzh2010 @alyssawilk I can confirm the fix works with no crashes using h3spec 0.1.6. Thanks
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alyssawilk alyssawilk alyssawilk approved these changes

Assignees

@mattklein123 mattklein123

@alyssawilk alyssawilk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@danzh2010 @moderation @alyssawilk @mattklein123 @danzh1989