http2: set drain on stream end

This is an attempt to fix the following issue in COPR: https://pagure.io/fedora-infrastructure/issue/11133
2023-02-17 14:34:10 +01:00 · 2023-02-17 14:34:10 +01:00 · 13a96c9b8f
commit 13a96c9b8f
parent bdbf01f50c
2 changed files with 121 additions and 1 deletions
--- a/0001-curl-7.88.0-http2-drain.patch
+++ b/0001-curl-7.88.0-http2-drain.patch
@ -0,0 +1,113 @@
+From d38da6c41c897eff642d9e39a234290dd51a3947 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 15 Feb 2023 22:11:13 +0100
+Subject: [PATCH 1/2] http2: buffer/pausedata and output flush fix.
+
+ * do not process pending input data when copying pausedata to the
+   caller
+ * return CURLE_AGAIN if the output buffer could not be completely
+   written out.
+
+Ref: #10525
+Closes #10529
+
+Upstream-commit: 3103de2053ca8cacf9cdbe78764ba6814481709f
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http2.c | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index 46fc746..1ef5d39 100644
+--- a/lib/http2.c
+++ b/lib/http2.c
+@@ -467,6 +467,7 @@ static CURLcode flush_output(struct Curl_cfilter *cf,
+   }
+   if((size_t)written < buflen) {
+     Curl_dyn_tail(&ctx->outbuf, buflen - (size_t)written);
+    return CURLE_AGAIN;
+   }
+   else {
+     Curl_dyn_reset(&ctx->outbuf);
+@@ -1790,6 +1791,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+ 
+     stream->pausedata += nread;
+     stream->pauselen -= nread;
+    drain_this(cf, data);
+ 
+     if(stream->pauselen == 0) {
+       DEBUGF(LOG_CF(data, cf, "[h2sid=%u] Unpaused", stream->stream_id));
+@@ -1798,18 +1800,6 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+ 
+       stream->pausedata = NULL;
+       stream->pauselen = 0;
+-
+-      /* When NGHTTP2_ERR_PAUSE is returned from
+-         data_source_read_callback, we might not process DATA frame
+-         fully.  Calling nghttp2_session_mem_recv() again will
+-         continue to process DATA frame, but if there is no incoming
+-         frames, then we have to call it again with 0-length data.
+-         Without this, on_stream_close callback will not be called,
+-         and stream could be hanged. */
+-      if(h2_process_pending_input(cf, data, err) != 0) {
+-        nread = -1;
+-        goto out;
+-      }
+     }
+     DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv: returns unpaused %zd bytes",
+                   stream->stream_id, nread));
+@@ -1933,6 +1923,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+       drained_transfer(cf, data);
+     }
+ 
+    *err = CURLE_OK;
+     nread = retlen;
+     DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_h2_recv -> %zd",
+                   stream->stream_id, nread));
+-- 
+2.39.1
+
+
+From 77e5170fe89bce943c52de732071189f463f38a8 Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Thu, 16 Feb 2023 06:26:26 +0200
+Subject: [PATCH 2/2] http2: set drain on stream end
+
+Ensure that on_frame_recv() stream end will trigger a read if there is
+pending data. Without this it could happen that the pending data is
+never consumed.
+
+This combined with https://github.com/curl/curl/pull/10529 should fix
+https://github.com/curl/curl/issues/10525
+
+Ref: https://github.com/curl/curl/issues/10525
+Closes #10530
+
+Upstream-commit: 87ed650d04dc1a6f7944a5d952f7d5b0934a19ac
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http2.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index 1ef5d39..bdb5e73 100644
+--- a/lib/http2.c
+++ b/lib/http2.c
+@@ -868,6 +868,14 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
+         return NGHTTP2_ERR_CALLBACK_FAILURE;
+       }
+     }
+    if(frame->hd.flags & NGHTTP2_FLAG_END_STREAM) {
+      /* Stream has ended. If there is pending data, ensure that read
+         will occur to consume it. */
+      if(!data->state.drain && stream->memlen) {
+        drain_this(cf, data_s);
+        Curl_expire(data, 0, EXPIRE_RUN_NOW);
+      }
+    }
+     break;
+   case NGHTTP2_HEADERS:
+     DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv frame HEADERS", stream_id));
+-- 
+2.39.1
+
--- a/curl.spec
+++ b/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.88.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
 Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
@ -10,6 +10,9 @@ Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
 # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc
 Source2: mykey.asc

+# http2: set drain on stream end
+Patch1:   0001-curl-7.88.0-http2-drain.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -203,6 +206,7 @@ be installed.
 %setup -q

 # upstream patches
+%patch1 -p1

 # Fedora patches
 %patch101 -p1
@ -438,6 +442,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Fri Feb 17 2023 Kamil Dudka <kdudka@redhat.com> - 7.88.0-2
+- http2: set drain on stream end
+
 * Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.88.0-1
 - new upstream release, which fixes the following vulnerabilities
    CVE-2023-23916 - HTTP multi-header compression denial of service