Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/7.0] Fix HTTP/3 and HTTTP/2 header decoder buffer allocation #85337

Closed
wants to merge 1 commit into from
Closed

[release/7.0] Fix HTTP/3 and HTTTP/2 header decoder buffer allocation #85337

wants to merge 1 commit into from

Conversation

ManickaP
Copy link
Member

@ManickaP ManickaP commented Apr 25, 2023
edited by karelz
Loading

Fixes #78516

Backports #78862

Customer impact

Reliability problem in HTTP/2 and HTTP/3, where some requests/responses with large headers that should be accepted might end up throwing exception.

  • In HPack cases (HTTP/2 scenarios), the issue is much less likely to be hit as it requires 4KB of headers.
  • In QPack (HTTP/3), the header size required to hit this is much smaller and that's where this was caught by the original issue reporter.

This is a shared code with Kestrel so this affects server side as well - expect follow up PR in ASP.NET.

Testing

Added tests for the root cause and similar scenarios, increasing test coverage. All of those are ran in CI.

Risk

Low, as this affects only QPack (H/3 is still not as wide-spread as other HTTP versions) and HPack in (rare) case of 4KB+ sized headers data buffers.

@BrunoBlanes @ManickaP
Fix HTTP3 header decoder buffer allocation (dotnet#78862)
0258951 
* Add test for literal field without name reference

* Fix header name buffer allocation

* Add more tests

* Unified QPackDecoderTest test files

* Fix variable name

* Fixed HPackDecoder and ported QPack tests

* Feedback

---------

Co-authored-by: ManickaP <[email protected]>
@ghost ghost assigned ManickaP Apr 25, 2023
@ghost
Copy link

ghost commented Apr 25, 2023

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

Backports #78862

Customer impact

In HPack cases (HTTP/2 scenarios), the issue is much less likely to be hit as it requires 4KB of headers. In QPack (HTTP/3), the header size required to hit this is much smaller and that's where this was caught by the original issue reporter. In either case, this is a reliability problem and requests/responses that should be accepted might end up in an exception. Moreover, this is a shared code with Kestrel so this affects server side as well.

Testing

Added tests for the root cause and similar scenarios, increasing test coverage. All of those are ran in CI.

Risk

Low, as this affects only QPack (H/3 is still not as wide-spread as other HTTP versions) and HPack in case of 4KB+ sized headers data buffers.

Author: ManickaP
Assignees: ManickaP
Labels:

area-System.Net.Http
Milestone: -

This was referenced Apr 25, 2023
Closed
Closed
Closed
@ManickaP
Copy link
Member Author

Failures are unrelated: #84394 and #85304

@ManickaP ManickaP mentioned this pull request Apr 28, 2023
Merged
10 tasks
@karelz
Copy link
Member

karelz commented Apr 28, 2023

Approved by Tactics (@SteveMCarroll) on 4/27 via email. Marking as servicing-approved.

@karelz karelz added the Servicing-approved Approved for servicing release label Apr 28, 2023
@karelz karelz added this to the 7.0.x milestone Apr 28, 2023
@MihaZupan
Copy link
Member

Should this be rebased against release/7.0-staging?

carlossanlop
carlossanlop requested changes May 4, 2023
View reviewed changes
Copy link
Member

@carlossanlop carlossanlop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, please re-target your PR to release/7.0-staging. The release/7.0 branch does not receive product fixes directly anymore.

When you re-target, please confirm the code changes in your PR remained the same. I've seen many times that other unrelated changes are included unexpectedly due to the change in branches.

If you haven't retargeted a PR to another branch before, click on the Edit button (for when you change the PR title) and you'll see a dropdown that lets you select the destination branch.

Reminder that code-complete for the June Release is May 15th. Please make sure to get this PR merged before that date.

@ghost ghost added the needs-author-action An issue or pull request that requires more info or actions from the author. label May 4, 2023
@carlossanlop carlossanlop mentioned this pull request May 4, 2023
Closed
@ManickaP ManickaP mentioned this pull request May 9, 2023
Merged
@ManickaP
Copy link
Member Author

ManickaP commented May 9, 2023

Closed in favor of #85977

@ManickaP ManickaP closed this May 9, 2023
@ManickaP ManickaP deleted the release/7.0 branch May 9, 2023 14:27
@ghost ghost locked as resolved and limited conversation to collaborators Jun 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@carlossanlop carlossanlop carlossanlop requested changes

@MihaZupan MihaZupan MihaZupan approved these changes

Assignees

@ManickaP ManickaP

Labels
area-System.Net.Http needs-author-action An issue or pull request that requires more info or actions from the author. Servicing-approved Approved for servicing release
Projects
None yet
Milestone
7.0.x
Development

Successfully merging this pull request may close these issues.
5 participants
@ManickaP @karelz @MihaZupan @carlossanlop @BrunoBlanes