Skip to content

Commit

Permalink
[1.4] build: bump nghttp2 to 1.41.0. (envoyproxy#11412) (envoyproxy#30)…
Browse files Browse the repository at this point in the history 
… (envoyproxy#226)

* build: bump nghttp2 to 1.41.0. (envoyproxy#11412)

See release notes at
https://github.com/nghttp2/nghttp2/releases/tag/v1.41.0.

This addresses
GHSA-q5wr-xfw9-q7xr.

Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com>

* build: bump nghttp2 to 1.41.0. (envoyproxy#11412)

See release notes at
https://github.com/nghttp2/nghttp2/releases/tag/v1.41.0.

This addresses
GHSA-q5wr-xfw9-q7xr.

Set nghttp2 internal flood mitigation threshold back to 10K to avoid any
changes in Envoy's codec behavior.

Signed-off-by: Harvey Tuch <htuch@google.com>
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Co-authored-by: htuch <htuch@users.noreply.github.com>

Co-authored-by: Yuchen Dai <silentdai@gmail.com>
Co-authored-by: htuch <htuch@users.noreply.github.com>
  • Loading branch information
@jacob-delgado @lambdai @htuch
3 people authored Jun 16, 2020
1 parent d6555b0 commit 2e62d8f
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 233 deletions.
223 changes: 0 additions & 223 deletions bazel/foreign_cc/nghttp2.patch
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,226 +15,3 @@ index 35c77d1d..47bd63f5 100644
endif()
# AC_TYPE_UINT8_T
# AC_TYPE_UINT16_T
diff --git a/doc/Makefile.am b/doc/Makefile.am
index c17d93382..4d73cef50 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -27,6 +27,7 @@ APIDOCS= \
macros.rst \
enums.rst \
types.rst \
+ nghttp2_check_authority.rst \
nghttp2_check_header_name.rst \
nghttp2_check_header_value.rst \
nghttp2_hd_deflate_bound.rst \
diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h
index 313fb23da..e3aeb9fed 100644
--- a/lib/includes/nghttp2/nghttp2.h
+++ b/lib/includes/nghttp2/nghttp2.h
@@ -4769,6 +4769,19 @@ NGHTTP2_EXTERN int nghttp2_check_header_name(const uint8_t *name, size_t len);
*/
NGHTTP2_EXTERN int nghttp2_check_header_value(const uint8_t *value, size_t len);

+/**
+ * @function
+ *
+ * Returns nonzero if the |value| which is supposed to the value of
+ * :authority or host header field is valid according to
+ * https://tools.ietf.org/html/rfc3986#section-3.2
+ *
+ * |value| is valid if it merely consists of the allowed characters.
+ * In particular, it does not check whether |value| follows the syntax
+ * of authority.
+ */
+NGHTTP2_EXTERN int nghttp2_check_authority(const uint8_t *value, size_t len);
+
/* HPACK API */

struct nghttp2_hd_deflater;
diff --git a/lib/nghttp2_helper.c b/lib/nghttp2_helper.c
index 81a8a0cf9..91136a619 100644
--- a/lib/nghttp2_helper.c
+++ b/lib/nghttp2_helper.c
@@ -505,6 +505,84 @@ int nghttp2_check_header_value(const uint8_t *value, size_t len) {
return 1;
}

+/* Generated by genauthroitychartbl.py */
+static char VALID_AUTHORITY_CHARS[] = {
+ 0 /* NUL */, 0 /* SOH */, 0 /* STX */, 0 /* ETX */,
+ 0 /* EOT */, 0 /* ENQ */, 0 /* ACK */, 0 /* BEL */,
+ 0 /* BS */, 0 /* HT */, 0 /* LF */, 0 /* VT */,
+ 0 /* FF */, 0 /* CR */, 0 /* SO */, 0 /* SI */,
+ 0 /* DLE */, 0 /* DC1 */, 0 /* DC2 */, 0 /* DC3 */,
+ 0 /* DC4 */, 0 /* NAK */, 0 /* SYN */, 0 /* ETB */,
+ 0 /* CAN */, 0 /* EM */, 0 /* SUB */, 0 /* ESC */,
+ 0 /* FS */, 0 /* GS */, 0 /* RS */, 0 /* US */,
+ 0 /* SPC */, 1 /* ! */, 0 /* " */, 0 /* # */,
+ 1 /* $ */, 1 /* % */, 1 /* & */, 1 /* ' */,
+ 1 /* ( */, 1 /* ) */, 1 /* * */, 1 /* + */,
+ 1 /* , */, 1 /* - */, 1 /* . */, 0 /* / */,
+ 1 /* 0 */, 1 /* 1 */, 1 /* 2 */, 1 /* 3 */,
+ 1 /* 4 */, 1 /* 5 */, 1 /* 6 */, 1 /* 7 */,
+ 1 /* 8 */, 1 /* 9 */, 1 /* : */, 1 /* ; */,
+ 0 /* < */, 1 /* = */, 0 /* > */, 0 /* ? */,
+ 1 /* @ */, 1 /* A */, 1 /* B */, 1 /* C */,
+ 1 /* D */, 1 /* E */, 1 /* F */, 1 /* G */,
+ 1 /* H */, 1 /* I */, 1 /* J */, 1 /* K */,
+ 1 /* L */, 1 /* M */, 1 /* N */, 1 /* O */,
+ 1 /* P */, 1 /* Q */, 1 /* R */, 1 /* S */,
+ 1 /* T */, 1 /* U */, 1 /* V */, 1 /* W */,
+ 1 /* X */, 1 /* Y */, 1 /* Z */, 1 /* [ */,
+ 0 /* \ */, 1 /* ] */, 0 /* ^ */, 1 /* _ */,
+ 0 /* ` */, 1 /* a */, 1 /* b */, 1 /* c */,
+ 1 /* d */, 1 /* e */, 1 /* f */, 1 /* g */,
+ 1 /* h */, 1 /* i */, 1 /* j */, 1 /* k */,
+ 1 /* l */, 1 /* m */, 1 /* n */, 1 /* o */,
+ 1 /* p */, 1 /* q */, 1 /* r */, 1 /* s */,
+ 1 /* t */, 1 /* u */, 1 /* v */, 1 /* w */,
+ 1 /* x */, 1 /* y */, 1 /* z */, 0 /* { */,
+ 0 /* | */, 0 /* } */, 1 /* ~ */, 0 /* DEL */,
+ 0 /* 0x80 */, 0 /* 0x81 */, 0 /* 0x82 */, 0 /* 0x83 */,
+ 0 /* 0x84 */, 0 /* 0x85 */, 0 /* 0x86 */, 0 /* 0x87 */,
+ 0 /* 0x88 */, 0 /* 0x89 */, 0 /* 0x8a */, 0 /* 0x8b */,
+ 0 /* 0x8c */, 0 /* 0x8d */, 0 /* 0x8e */, 0 /* 0x8f */,
+ 0 /* 0x90 */, 0 /* 0x91 */, 0 /* 0x92 */, 0 /* 0x93 */,
+ 0 /* 0x94 */, 0 /* 0x95 */, 0 /* 0x96 */, 0 /* 0x97 */,
+ 0 /* 0x98 */, 0 /* 0x99 */, 0 /* 0x9a */, 0 /* 0x9b */,
+ 0 /* 0x9c */, 0 /* 0x9d */, 0 /* 0x9e */, 0 /* 0x9f */,
+ 0 /* 0xa0 */, 0 /* 0xa1 */, 0 /* 0xa2 */, 0 /* 0xa3 */,
+ 0 /* 0xa4 */, 0 /* 0xa5 */, 0 /* 0xa6 */, 0 /* 0xa7 */,
+ 0 /* 0xa8 */, 0 /* 0xa9 */, 0 /* 0xaa */, 0 /* 0xab */,
+ 0 /* 0xac */, 0 /* 0xad */, 0 /* 0xae */, 0 /* 0xaf */,
+ 0 /* 0xb0 */, 0 /* 0xb1 */, 0 /* 0xb2 */, 0 /* 0xb3 */,
+ 0 /* 0xb4 */, 0 /* 0xb5 */, 0 /* 0xb6 */, 0 /* 0xb7 */,
+ 0 /* 0xb8 */, 0 /* 0xb9 */, 0 /* 0xba */, 0 /* 0xbb */,
+ 0 /* 0xbc */, 0 /* 0xbd */, 0 /* 0xbe */, 0 /* 0xbf */,
+ 0 /* 0xc0 */, 0 /* 0xc1 */, 0 /* 0xc2 */, 0 /* 0xc3 */,
+ 0 /* 0xc4 */, 0 /* 0xc5 */, 0 /* 0xc6 */, 0 /* 0xc7 */,
+ 0 /* 0xc8 */, 0 /* 0xc9 */, 0 /* 0xca */, 0 /* 0xcb */,
+ 0 /* 0xcc */, 0 /* 0xcd */, 0 /* 0xce */, 0 /* 0xcf */,
+ 0 /* 0xd0 */, 0 /* 0xd1 */, 0 /* 0xd2 */, 0 /* 0xd3 */,
+ 0 /* 0xd4 */, 0 /* 0xd5 */, 0 /* 0xd6 */, 0 /* 0xd7 */,
+ 0 /* 0xd8 */, 0 /* 0xd9 */, 0 /* 0xda */, 0 /* 0xdb */,
+ 0 /* 0xdc */, 0 /* 0xdd */, 0 /* 0xde */, 0 /* 0xdf */,
+ 0 /* 0xe0 */, 0 /* 0xe1 */, 0 /* 0xe2 */, 0 /* 0xe3 */,
+ 0 /* 0xe4 */, 0 /* 0xe5 */, 0 /* 0xe6 */, 0 /* 0xe7 */,
+ 0 /* 0xe8 */, 0 /* 0xe9 */, 0 /* 0xea */, 0 /* 0xeb */,
+ 0 /* 0xec */, 0 /* 0xed */, 0 /* 0xee */, 0 /* 0xef */,
+ 0 /* 0xf0 */, 0 /* 0xf1 */, 0 /* 0xf2 */, 0 /* 0xf3 */,
+ 0 /* 0xf4 */, 0 /* 0xf5 */, 0 /* 0xf6 */, 0 /* 0xf7 */,
+ 0 /* 0xf8 */, 0 /* 0xf9 */, 0 /* 0xfa */, 0 /* 0xfb */,
+ 0 /* 0xfc */, 0 /* 0xfd */, 0 /* 0xfe */, 0 /* 0xff */
+};
+
+int nghttp2_check_authority(const uint8_t *value, size_t len) {
+ const uint8_t *last;
+ for (last = value + len; value != last; ++value) {
+ if (!VALID_AUTHORITY_CHARS[*value]) {
+ return 0;
+ }
+ }
+ return 1;
+}
+
uint8_t *nghttp2_cpymem(uint8_t *dest, const void *src, size_t len) {
if (len == 0) {
return dest;
diff --git a/lib/nghttp2_http.c b/lib/nghttp2_http.c
index 8d9902998..62f57b6ae 100644
--- a/lib/nghttp2_http.c
+++ b/lib/nghttp2_http.c
@@ -305,84 +305,6 @@ static int http_response_on_header(nghttp2_stream *stream, nghttp2_hd_nv *nv,
return 0;
}

-/* Generated by genauthroitychartbl.py */
-static char VALID_AUTHORITY_CHARS[] = {
- 0 /* NUL */, 0 /* SOH */, 0 /* STX */, 0 /* ETX */,
- 0 /* EOT */, 0 /* ENQ */, 0 /* ACK */, 0 /* BEL */,
- 0 /* BS */, 0 /* HT */, 0 /* LF */, 0 /* VT */,
- 0 /* FF */, 0 /* CR */, 0 /* SO */, 0 /* SI */,
- 0 /* DLE */, 0 /* DC1 */, 0 /* DC2 */, 0 /* DC3 */,
- 0 /* DC4 */, 0 /* NAK */, 0 /* SYN */, 0 /* ETB */,
- 0 /* CAN */, 0 /* EM */, 0 /* SUB */, 0 /* ESC */,
- 0 /* FS */, 0 /* GS */, 0 /* RS */, 0 /* US */,
- 0 /* SPC */, 1 /* ! */, 0 /* " */, 0 /* # */,
- 1 /* $ */, 1 /* % */, 1 /* & */, 1 /* ' */,
- 1 /* ( */, 1 /* ) */, 1 /* * */, 1 /* + */,
- 1 /* , */, 1 /* - */, 1 /* . */, 0 /* / */,
- 1 /* 0 */, 1 /* 1 */, 1 /* 2 */, 1 /* 3 */,
- 1 /* 4 */, 1 /* 5 */, 1 /* 6 */, 1 /* 7 */,
- 1 /* 8 */, 1 /* 9 */, 1 /* : */, 1 /* ; */,
- 0 /* < */, 1 /* = */, 0 /* > */, 0 /* ? */,
- 1 /* @ */, 1 /* A */, 1 /* B */, 1 /* C */,
- 1 /* D */, 1 /* E */, 1 /* F */, 1 /* G */,
- 1 /* H */, 1 /* I */, 1 /* J */, 1 /* K */,
- 1 /* L */, 1 /* M */, 1 /* N */, 1 /* O */,
- 1 /* P */, 1 /* Q */, 1 /* R */, 1 /* S */,
- 1 /* T */, 1 /* U */, 1 /* V */, 1 /* W */,
- 1 /* X */, 1 /* Y */, 1 /* Z */, 1 /* [ */,
- 0 /* \ */, 1 /* ] */, 0 /* ^ */, 1 /* _ */,
- 0 /* ` */, 1 /* a */, 1 /* b */, 1 /* c */,
- 1 /* d */, 1 /* e */, 1 /* f */, 1 /* g */,
- 1 /* h */, 1 /* i */, 1 /* j */, 1 /* k */,
- 1 /* l */, 1 /* m */, 1 /* n */, 1 /* o */,
- 1 /* p */, 1 /* q */, 1 /* r */, 1 /* s */,
- 1 /* t */, 1 /* u */, 1 /* v */, 1 /* w */,
- 1 /* x */, 1 /* y */, 1 /* z */, 0 /* { */,
- 0 /* | */, 0 /* } */, 1 /* ~ */, 0 /* DEL */,
- 0 /* 0x80 */, 0 /* 0x81 */, 0 /* 0x82 */, 0 /* 0x83 */,
- 0 /* 0x84 */, 0 /* 0x85 */, 0 /* 0x86 */, 0 /* 0x87 */,
- 0 /* 0x88 */, 0 /* 0x89 */, 0 /* 0x8a */, 0 /* 0x8b */,
- 0 /* 0x8c */, 0 /* 0x8d */, 0 /* 0x8e */, 0 /* 0x8f */,
- 0 /* 0x90 */, 0 /* 0x91 */, 0 /* 0x92 */, 0 /* 0x93 */,
- 0 /* 0x94 */, 0 /* 0x95 */, 0 /* 0x96 */, 0 /* 0x97 */,
- 0 /* 0x98 */, 0 /* 0x99 */, 0 /* 0x9a */, 0 /* 0x9b */,
- 0 /* 0x9c */, 0 /* 0x9d */, 0 /* 0x9e */, 0 /* 0x9f */,
- 0 /* 0xa0 */, 0 /* 0xa1 */, 0 /* 0xa2 */, 0 /* 0xa3 */,
- 0 /* 0xa4 */, 0 /* 0xa5 */, 0 /* 0xa6 */, 0 /* 0xa7 */,
- 0 /* 0xa8 */, 0 /* 0xa9 */, 0 /* 0xaa */, 0 /* 0xab */,
- 0 /* 0xac */, 0 /* 0xad */, 0 /* 0xae */, 0 /* 0xaf */,
- 0 /* 0xb0 */, 0 /* 0xb1 */, 0 /* 0xb2 */, 0 /* 0xb3 */,
- 0 /* 0xb4 */, 0 /* 0xb5 */, 0 /* 0xb6 */, 0 /* 0xb7 */,
- 0 /* 0xb8 */, 0 /* 0xb9 */, 0 /* 0xba */, 0 /* 0xbb */,
- 0 /* 0xbc */, 0 /* 0xbd */, 0 /* 0xbe */, 0 /* 0xbf */,
- 0 /* 0xc0 */, 0 /* 0xc1 */, 0 /* 0xc2 */, 0 /* 0xc3 */,
- 0 /* 0xc4 */, 0 /* 0xc5 */, 0 /* 0xc6 */, 0 /* 0xc7 */,
- 0 /* 0xc8 */, 0 /* 0xc9 */, 0 /* 0xca */, 0 /* 0xcb */,
- 0 /* 0xcc */, 0 /* 0xcd */, 0 /* 0xce */, 0 /* 0xcf */,
- 0 /* 0xd0 */, 0 /* 0xd1 */, 0 /* 0xd2 */, 0 /* 0xd3 */,
- 0 /* 0xd4 */, 0 /* 0xd5 */, 0 /* 0xd6 */, 0 /* 0xd7 */,
- 0 /* 0xd8 */, 0 /* 0xd9 */, 0 /* 0xda */, 0 /* 0xdb */,
- 0 /* 0xdc */, 0 /* 0xdd */, 0 /* 0xde */, 0 /* 0xdf */,
- 0 /* 0xe0 */, 0 /* 0xe1 */, 0 /* 0xe2 */, 0 /* 0xe3 */,
- 0 /* 0xe4 */, 0 /* 0xe5 */, 0 /* 0xe6 */, 0 /* 0xe7 */,
- 0 /* 0xe8 */, 0 /* 0xe9 */, 0 /* 0xea */, 0 /* 0xeb */,
- 0 /* 0xec */, 0 /* 0xed */, 0 /* 0xee */, 0 /* 0xef */,
- 0 /* 0xf0 */, 0 /* 0xf1 */, 0 /* 0xf2 */, 0 /* 0xf3 */,
- 0 /* 0xf4 */, 0 /* 0xf5 */, 0 /* 0xf6 */, 0 /* 0xf7 */,
- 0 /* 0xf8 */, 0 /* 0xf9 */, 0 /* 0xfa */, 0 /* 0xfb */,
- 0 /* 0xfc */, 0 /* 0xfd */, 0 /* 0xfe */, 0 /* 0xff */
-};
-
-static int check_authority(const uint8_t *value, size_t len) {
- const uint8_t *last;
- for (last = value + len; value != last; ++value) {
- if (!VALID_AUTHORITY_CHARS[*value]) {
- return 0;
- }
- }
- return 1;
-}
-
static int check_scheme(const uint8_t *value, size_t len) {
const uint8_t *last;
if (len == 0) {
@@ -440,7 +362,7 @@ int nghttp2_http_on_header(nghttp2_session *session, nghttp2_stream *stream,

if (nv->token == NGHTTP2_TOKEN__AUTHORITY ||
nv->token == NGHTTP2_TOKEN_HOST) {
- rv = check_authority(nv->value->base, nv->value->len);
+ rv = nghttp2_check_authority(nv->value->base, nv->value->len);
} else if (nv->token == NGHTTP2_TOKEN__SCHEME) {
rv = check_scheme(nv->value->base, nv->value->len);
} else {
6 changes: 3 additions & 3 deletions bazel/repository_locations.bzl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,9 +118,9 @@ REPOSITORY_LOCATIONS = dict(
urls = ["https://github.com/nanopb/nanopb/archive/0.3.9.4.tar.gz"],
),
com_github_nghttp2_nghttp2 = dict(
sha256 = "25b623cd04dc6a863ca3b34ed6247844effe1aa5458229590b3f56a6d53cd692",
strip_prefix = "nghttp2-1.39.1",
urls = ["https://github.com/nghttp2/nghttp2/releases/download/v1.39.1/nghttp2-1.39.1.tar.gz"],
sha256 = "eacc6f0f8543583ecd659faf0a3f906ed03826f1d4157b536b4b385fe47c5bb8",
strip_prefix = "nghttp2-1.41.0",
urls = ["https://github.com/nghttp2/nghttp2/releases/download/v1.41.0/nghttp2-1.41.0.tar.gz"],
),
io_opentracing_cpp = dict(
sha256 = "015c4187f7a6426a2b5196f0ccd982aa87f010cf61f507ae3ce5c90523f92301",
Expand Down
7 changes: 7 additions & 0 deletions source/common/http/http2/codec_impl.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1066,6 +1066,13 @@ ConnectionImpl::Http2Options::Http2Options(const Http2Settings& http2_settings)
if (http2_settings.allow_metadata_) {
nghttp2_option_set_user_recv_extension_type(options_, METADATA_FRAME_TYPE);
}

// nghttp2 v1.39.2 lowered the internal flood protection limit from 10K to 1K of ACK frames. This
// new limit may cause the internal nghttp2 mitigation to trigger more often (as it requires just
// 9K of incoming bytes for smallest 9 byte SETTINGS frame), bypassing the same mitigation and its
// associated behavior in the envoy HTTP/2 codec. Since envoy does not rely on this mitigation,
// set back to the old 10K number to avoid any changes in the HTTP/2 codec behavior.
nghttp2_option_set_max_outbound_ack(options_, 10000);
}

ConnectionImpl::Http2Options::~Http2Options() { nghttp2_option_del(options_); }
Expand Down
17 changes: 10 additions & 7 deletions test/integration/http2_integration_test.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1440,16 +1440,19 @@ const int64_t TransmitThreshold = 100 * 1024 * 1024;
} // namespace

void Http2FloodMitigationTest::setNetworkConnectionBufferSize() {
// nghttp2 library has its own internal mitigation for outbound control frames. The mitigation is
// triggered when there are more than 10000 PING or SETTINGS frames with ACK flag in the nghttp2
// internal outbound queue. It is possible to trigger this mitigation in nghttp2 before triggering
// Envoy's own flood mitigation. This can happen when a buffer larger enough to contain over 10K
// PING or SETTINGS frames is dispatched to the nghttp2 library. To prevent this from happening
// the network connection receive buffer needs to be smaller than 90Kb (which is 10K SETTINGS
// frames). Set it to the arbitrarily chosen value of 32K.
// nghttp2 library has its own internal mitigation for outbound control frames (see
// NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM). The default nghttp2 mitigation threshold of 1K is modified
// to 10K in the ConnectionImpl::Http2Options::Http2Options. The mitigation is triggered when
// there are more than 10000 PING or SETTINGS frames with ACK flag in the nghttp2 internal
// outbound queue. It is possible to trigger this mitigation in nghttp2 before triggering Envoy's
// own flood mitigation. This can happen when a buffer large enough to contain over 10K PING or
// SETTINGS frames is dispatched to the nghttp2 library. To prevent this from happening the
// network connection receive buffer needs to be smaller than 90Kb (which is 10K SETTINGS frames).
// Set it to the arbitrarily chosen value of 32K. Note that this buffer has 16K lower bound.
config_helper_.addConfigModifier([](envoy::config::bootstrap::v2::Bootstrap& bootstrap) -> void {
RELEASE_ASSERT(bootstrap.mutable_static_resources()->listeners_size() >= 1, "");
auto* listener = bootstrap.mutable_static_resources()->mutable_listeners(0);

listener->mutable_per_connection_buffer_limit_bytes()->set_value(32 * 1024);
});
}
Expand Down
1 change: 1 addition & 0 deletions tools/spelling_dictionary.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1123,3 +1123,4 @@ zag
zig
zipkin
zlib
OBQ

0 comments on commit 2e62d8f

Please sign in to comment.