BUG/MINOR: h3: always reject PUSH_PROMISE
The condition for checking PUSH_PROMISE was not correctly interpreted
from the RFC. Initially, it rejects such a frame for every stream
initiated from client side.
In fact, the RFC indicates that PUSH_PROMISE are never sent by a client.
Thus, it can be rejected in any case until HTTP/3 will be implemented on
the backend side.
This should be backported up to 2.6.
(cherry picked from commit 74ba22b1eeaeb96b74d3a4f7abdead88e9b4f413)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/h3.c b/src/h3.c
index 8abc29e..64863cf 100644
--- a/src/h3.c
+++ b/src/h3.c
@@ -307,7 +307,6 @@
static int h3_is_frame_valid(struct h3c *h3c, struct qcs *qcs, uint64_t ftype)
{
struct h3s *h3s = qcs->ctx;
- const uint64_t id = qcs->id;
/* Stream type must be known to ensure frame is valid for this stream. */
BUG_ON(h3s->type == H3S_T_UNKNOWN);
@@ -340,8 +339,14 @@
!(h3c->flags & H3_CF_SETTINGS_RECV);
case H3_FT_PUSH_PROMISE:
- return h3s->type != H3S_T_CTRL &&
- (id & QCS_ID_SRV_INTIATOR_BIT);
+ /* RFC 9114 7.2.5. PUSH_PROMISE
+ * A client MUST NOT send a PUSH_PROMISE frame. A server MUST treat the
+ * receipt of a PUSH_PROMISE frame as a connection error of type
+ * H3_FRAME_UNEXPECTED.
+ */
+
+ /* TODO server-side only. */
+ return 0;
default:
/* draft-ietf-quic-http34 9. Extensions to HTTP/3