envoyproxy · yanavlasov · Oct 28, 2020 · Sep 29, 2020 · Sep 30, 2020 · Sep 30, 2020
diff --git a/source/common/http/BUILD b/source/common/http/BUILD
@@ -385,6 +385,7 @@ envoy_cc_library(
         "//source/common/common:assert_lib",
         "//source/common/common:empty_string",
         "//source/common/common:enum_to_int",
+        "//source/common/common:statusor_lib",
         "//source/common/common:utility_lib",
         "//source/common/grpc:status_lib",
         "//source/common/json:json_loader_lib",

diff --git a/source/common/http/http1/codec_impl.cc b/source/common/http/http1/codec_impl.cc
@@ -346,6 +346,8 @@ void ResponseEncoderImpl::encodeHeaders(const ResponseHeaderMap& headers, bool e
 
   // The contract is that client codecs must ensure that :status is present.
   ASSERT(headers.Status() != nullptr);
+  // encodeHeaders() is not supposed to throw any exceptions. This will crash on a release assert if
+  // response status is invalid.
   uint64_t numeric_status = Utility::getResponseStatus(headers);
 
   if (connection_.protocol() == Protocol::Http10 && connection_.supportsHttp10()) {

diff --git a/source/common/http/http2/codec_impl.cc b/source/common/http/http2/codec_impl.cc
@@ -296,9 +296,14 @@ void ConnectionImpl::StreamImpl::pendingRecvBufferLowWatermark() {
   readDisable(false);
 }
 
-void ConnectionImpl::ClientStreamImpl::decodeHeaders() {
+Status ConnectionImpl::ClientStreamImpl::decodeHeaders() {
   auto& headers = absl::get<ResponseHeaderMapPtr>(headers_or_trailers_);
-  const uint64_t status = Http::Utility::getResponseStatus(*headers);
+
+  auto response_status_or_absl_status = Http::Utility::getResponseStatusOr(*headers);
+  if (!response_status_or_absl_status.ok()) {
+    return codecClientError(response_status_or_absl_status.status().message());
+  }
+  const uint64_t status = response_status_or_absl_status.value();
 
   if (!upgrade_type_.empty() && headers->Status()) {
     Http::Utility::transformUpgradeResponseFromH2toH1(*headers, upgrade_type_);
@@ -315,19 +320,21 @@ void ConnectionImpl::ClientStreamImpl::decodeHeaders() {
   } else {
     response_decoder_.decodeHeaders(std::move(headers), remote_end_stream_);
   }
+  return okStatus();
 }
 
 void ConnectionImpl::ClientStreamImpl::decodeTrailers() {
   response_decoder_.decodeTrailers(
       std::move(absl::get<ResponseTrailerMapPtr>(headers_or_trailers_)));
 }
 
-void ConnectionImpl::ServerStreamImpl::decodeHeaders() {
+Status ConnectionImpl::ServerStreamImpl::decodeHeaders() {
   auto& headers = absl::get<RequestHeaderMapPtr>(headers_or_trailers_);
   if (Http::Utility::isH2UpgradeRequest(*headers)) {
     Http::Utility::transformUpgradeRequestFromH2toH1(*headers);
   }
   request_decoder_->decodeHeaders(std::move(headers), remote_end_stream_);
+  return okStatus();
 }
 
 void ConnectionImpl::ServerStreamImpl::decodeTrailers() {
@@ -783,7 +790,7 @@ Status ConnectionImpl::onFrameReceived(const nghttp2_frame* frame) {
     switch (frame->headers.cat) {
     case NGHTTP2_HCAT_RESPONSE:
     case NGHTTP2_HCAT_REQUEST: {
-      stream->decodeHeaders();
+      RETURN_IF_ERROR(stream->decodeHeaders());
       break;
     }
 
@@ -797,7 +804,7 @@ Status ConnectionImpl::onFrameReceived(const nghttp2_frame* frame) {
           stream->decodeTrailers();
         } else {
           // We're a client session and still waiting for non-informational headers.
-          stream->decodeHeaders();
+          RETURN_IF_ERROR(stream->decodeHeaders());
         }
       }
       break;

diff --git a/source/common/http/http2/codec_impl.h b/source/common/http/http2/codec_impl.h
@@ -258,7 +258,7 @@ class ConnectionImpl : public virtual Connection, protected Logger::Loggable<Log
 
     // Does any necessary WebSocket/Upgrade conversion, then passes the headers
     // to the decoder_.
-    virtual void decodeHeaders() PURE;
+    virtual Status decodeHeaders() PURE;
     virtual void decodeTrailers() PURE;
 
     // Get MetadataEncoder for this stream.
@@ -318,7 +318,7 @@ class ConnectionImpl : public virtual Connection, protected Logger::Loggable<Log
     void submitHeaders(const std::vector<nghttp2_nv>& final_headers,
                        nghttp2_data_provider* provider) override;
     StreamDecoder& decoder() override { return response_decoder_; }
-    void decodeHeaders() override;
+    Status decodeHeaders() override;
     void decodeTrailers() override;
     HeaderMap& headers() override {
       if (absl::holds_alternative<ResponseHeaderMapPtr>(headers_or_trailers_)) {
@@ -368,7 +368,7 @@ class ConnectionImpl : public virtual Connection, protected Logger::Loggable<Log
     void submitHeaders(const std::vector<nghttp2_nv>& final_headers,
                        nghttp2_data_provider* provider) override;
     StreamDecoder& decoder() override { return *request_decoder_; }
-    void decodeHeaders() override;
+    Status decodeHeaders() override;
     void decodeTrailers() override;
     HeaderMap& headers() override {
       if (absl::holds_alternative<RequestHeaderMapPtr>(headers_or_trailers_)) {

diff --git a/source/common/http/utility.cc b/source/common/http/utility.cc
@@ -29,6 +29,7 @@
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_split.h"
 #include "absl/strings/string_view.h"
+#include "absl/types/optional.h"
 #include "nghttp2/nghttp2.h"
 
 namespace Envoy {
@@ -369,10 +370,17 @@ std::string Utility::makeSetCookieValue(const std::string& key, const std::strin
 }
 
 uint64_t Utility::getResponseStatus(const ResponseHeaderMap& headers) {
+  absl::StatusOr<uint64_t> response_status_or_absl_status = getResponseStatusOr(headers);
+  RELEASE_ASSERT(response_status_or_absl_status.ok(),
+                 ":status must be specified and a valid unsigned long");
+  return response_status_or_absl_status.value();
+}
+
+absl::StatusOr<uint64_t> Utility::getResponseStatusOr(const ResponseHeaderMap& headers) {
   const HeaderEntry* header = headers.Status();
   uint64_t response_code;
   if (!header || !absl::SimpleAtoi(headers.getStatusValue(), &response_code)) {
-    throw CodecClientException(":status must be specified and a valid unsigned long");
+    return absl::InvalidArgumentError(":status must be specified and a valid unsigned long");
   }
   return response_code;
 }

diff --git a/source/common/http/utility.h b/source/common/http/utility.h
@@ -13,6 +13,7 @@
 #include "envoy/http/metadata_interface.h"
 #include "envoy/http/query_params.h"
 
+#include "common/common/statusor.h"
 #include "common/http/exception.h"
 #include "common/http/status.h"
 #include "common/json/json_loader.h"
@@ -238,10 +239,13 @@ std::string makeSetCookieValue(const std::string& key, const std::string& value,
 /**
  * Get the response status from the response headers.
  * @param headers supplies the headers to get the status from.
- * @return uint64_t the response code or throws an exception if the headers are invalid.
+ * @return uint64_t the response code and release asserts if the
+ * headers are invalid.
  */
 uint64_t getResponseStatus(const ResponseHeaderMap& headers);
 
+absl::StatusOr<uint64_t> getResponseStatusOr(const ResponseHeaderMap& headers);
+
 /**
  * Determine whether these headers are a valid Upgrade request or response.
  * This function returns true if the following HTTP headers and values are present: