Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-12305

HPACK decoding huffman-encoded string with EOS symbol

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • 17.0.1.Final
    • Web (Undertow)
    • None
    • Hide
      1. Obtain latest release of h2spec testsuite - either by manual compilation or directly download prepared release.
      2. get and start WildFly 
        ./bin/standalone.sh
      3. execute relevant HPACK tests 
        ./h2spec -k -h 127.0.0.1 -p 8443 -t hpack/5.2
      4. see one failing test
      Show
      Obtain latest release of h2spec testsuite - either by manual compilation or directly download prepared release . get and start WildFly ./bin/standalone.sh execute relevant HPACK tests ./h2spec -k -h 127.0.0.1 -p 8443 -t hpack/5.2 see one failing test

      During the HTTP2 communication where HPACK is utilized, when client sends inappropriate huffman-encoded string containing EOS symbol, server side is supposed to respond with GOAWAY - compression error, although current implementation of Undertow simply continues and sends DATA frame instead. Relevant RFC section.

      Note that this issue is probably present for long time in Undertow. Current test started to fail after recent fix in the test itself, see here.

      Test output
      HPACK: Header Compression for HTTP/2
  5. Primitive Type Representations
    5.2. String Literal Representation
      × 3: Sends a Huffman-encoded string literal representation containing the EOS symbol
        -> The endpoint MUST treat this as a decoding error.
           Expected: GOAWAY Frame (Error Code: COMPRESSION_ERROR)
                     Connection closed
             Actual: DATA Frame (length:1496, flags:0x01, stream_id:1)

              mjusko@redhat.com Marek Jusko
              jstourac@redhat.com Jan Stourac
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: