Skip to content

transport: http2 server must validates header list size when early aborting stream#8769

Merged
arjan-bal merged 5 commits intogrpc:masterfrom
DataDog:joy.bestourous/header-check
Jan 8, 2026
Merged

transport: http2 server must validates header list size when early aborting stream#8769
arjan-bal merged 5 commits intogrpc:masterfrom
DataDog:joy.bestourous/header-check

Conversation

@joybestourous
Copy link
Copy Markdown
Contributor

@joybestourous joybestourous commented Dec 12, 2025

Modifies earlyAbortStreamHandler to include check the header list size when early aborting, and returns a RST_STREAM if the max size is exceeded.

Fixes #8766

RELEASE NOTES:

  • transport: http2 server now validates header list size when early aborting stream

@codecov
Copy link
Copy Markdown

codecov Bot commented Dec 12, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 87.50000% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.32%. Comparing base (489f1f6) to head (fdf518c).
⚠️ Report is 18 commits behind head on master.

Files with missing lines Patch % Lines
internal/transport/http2_server.go 93.75% 1 Missing and 1 partial ⚠️
test/servertester.go 71.42% 1 Missing and 1 partial ⚠️
internal/transport/controlbuf.go 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8769      +/-   ##
==========================================
- Coverage   83.42%   83.32%   -0.11%     
==========================================
  Files         419      418       -1     
  Lines       32556    32875     +319     
==========================================
+ Hits        27161    27394     +233     
- Misses       4015     4086      +71     
- Partials     1380     1395      +15
Files with missing lines Coverage Δ
internal/transport/controlbuf.go 90.60% <0.00%> (+1.98%) ⬆️
internal/transport/http2_server.go 90.91% <93.75%> (-0.16%) ⬇️
test/servertester.go 62.27% <71.42%> (+0.16%) ⬆️

... and 39 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@eshitachandwani eshitachandwani self-requested a review December 16, 2025 04:25
@eshitachandwani eshitachandwani self-assigned this Dec 16, 2025
@easwars easwars added Type: Bug Area: Transport Includes HTTP/2 client/server and HTTP server handler transports and advanced transport features. labels Dec 16, 2025
@easwars easwars added this to the 1.79 Release milestone Dec 16, 2025
@easwars easwars removed their assignment Dec 16, 2025
@easwars easwars removed the request for review from eshitachandwani December 16, 2025 20:00
@easwars easwars assigned arjan-bal and unassigned eshitachandwani Dec 16, 2025
@easwars
Copy link
Copy Markdown
Contributor

easwars commented Dec 16, 2025

@eshitachandwani: I'm moving this to @arjan-bal for second review as he was the one who filed the issue in the first place.

arjan-bal
arjan-bal reviewed Dec 17, 2025
View reviewed changes
Comment thread internal/transport/http2_server.go Outdated
@arjan-bal arjan-bal assigned joybestourous and unassigned arjan-bal Dec 17, 2025
@joybestourous joybestourous force-pushed the joy.bestourous/header-check branch from 41d5c22 to 2ceced5 Compare December 18, 2025 20:57
@joybestourous joybestourous removed their assignment Dec 18, 2025
@arjan-bal arjan-bal self-assigned this Dec 19, 2025
arjan-bal
arjan-bal reviewed Dec 22, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@arjan-bal arjan-bal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly looks good, left some minor comments.

Comment thread internal/transport/http2_server.go
Comment thread internal/transport/http2_server.go Outdated
Comment on lines +972 to +938
func (t *http2Server) checkForHeaderListSize(it any) bool {
if t.maxSendHeaderListSize == nil {
// checkForHeaderListSize checks if the header list size exceeds the limit set
// by the peer. It returns false if the limit is exceeded.
func checkForHeaderListSize(hf []hpack.HeaderField, maxSendHeaderListSize *uint32) bool {
Copy link
Copy Markdown
Contributor

@arjan-bal arjan-bal Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of adding a new function that accepts a []hpack.HeaderField, can the existing method be updated to func (t *http2Server) checkForHeaderListSize(hf []hpack.HeaderField) bool?

That should make diff smaller.

Comment thread internal/transport/http2_server.go Outdated
Comment thread internal/transport/http2_server.go Outdated
}

// buildEarlyAbortHF builds the header fields for an early abort response.
func buildEarlyAbortHF(httpStatus uint32, contentSubtype string, stat *status.Status) []hpack.HeaderField {
Copy link
Copy Markdown
Contributor

@arjan-bal arjan-bal Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Since there's only one caller for this function, can we merge it into writeEarlyAbort? We can split the method in the future if it becomes too long.

@arjan-bal arjan-bal assigned joybestourous and unassigned arjan-bal Dec 22, 2025
@joybestourous joybestourous removed their assignment Dec 29, 2025
arjan-bal
arjan-bal approved these changes Jan 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@arjan-bal arjan-bal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you for the contribution!

@arjan-bal arjan-bal merged commit b3603ab into grpc:master Jan 8, 2026
14 checks passed
mbissa pushed a commit to mbissa/grpc-go that referenced this pull request Feb 16, 2026
@joybestourous @mbissa
transport: http2 server must validates header list size when early ab…
127cdc9 
…orting stream (grpc#8769)

Modifies `earlyAbortStreamHandler` to include check the header list size
when early aborting, and returns a RST_STREAM if the max size is
exceeded.

Fixes grpc#8766

RELEASE NOTES:
* transport: http2 server now validates header list size when early
aborting stream
This was referenced Apr 23, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@easwars easwars easwars approved these changes

@arjan-bal arjan-bal arjan-bal approved these changes

Assignees

@arjan-bal arjan-bal

Labels

Area: Transport Includes HTTP/2 client/server and HTTP server handler transports and advanced transport features. Type: Bug

Projects

None yet

Milestone

1.79 Release

Development

Successfully merging this pull request may close these issues.

transport: http2 server must validate header list size when early aborting stream

4 participants

@joybestourous @easwars @arjan-bal @eshitachandwani