NGINX HPACK decode failure

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

NGINX HPACK decode failure

Jesse Wilson
I’m attempting to diagnose a bug report against OkHttp, the HTTP/2 client for Android that I help to maintain.


Some of my users have run into problems making HTTP/2 requests against NGINX. I believe the problem is that NGINX’s HPACK decoder can’t decode the following:

020347455404232f726573742f76312f73697465732f37333335303032312f70
6f7374732f363039313501187075626c69632d6170692e776f72647072657373
2e636f6d060568747470730f00057574662d380f2b0c6f6b687474702f322e35
2e30

It fails, and reports a PROTOCOL_ERROR to the client. Instead, it should have decoded to this:

:method: GET
:path: /rest/v1/sites/73350021/posts/60915
:authority: public-api.wordpress.com
:scheme: https
accept-charset: utf-8
user-agent: okhttp/2.5.0

Please confirm. Unfortunately, I can’t tell you the particulars of the version of NGINX deployed on wordpress.com that triggers this.

Thanks!
– Jesse


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: NGINX HPACK decode failure

Sergey Kandaurov
On Oct 18, 2015, at 8:21 PM, Jesse Wilson <[hidden email]> wrote:

> I’m attempting to diagnose a bug report against OkHttp, the HTTP/2 client for Android that I help to maintain.
>
>
> Some of my users have run into problems making HTTP/2 requests against NGINX. I believe the problem is that NGINX’s HPACK decoder can’t decode the following:
>
> 020347455404232f726573742f76312f73697465732f37333335303032312f70
> 6f7374732f363039313501187075626c69632d6170692e776f72647072657373
> 2e636f6d060568747470730f00057574662d380f2b0c6f6b687474702f322e35
> 2e30
>
> It fails, and reports a PROTOCOL_ERROR to the client. Instead, it should have decoded to this:
>
> :method: GET
> :path: /rest/v1/sites/73350021/posts/60915
> :authority:
> public-api.wordpress.com
>
> :scheme: https
> accept-charset: utf-8
> user-agent: okhttp/2.5.0
>
> Please confirm. Unfortunately, I can’t tell you the particulars of the version of NGINX deployed on wordpress.com that triggers this.

Thanks for reporting.
This looks like a bug, we’re working on it.
Meanwhile, you might want to try this patch:

diff -r 6e1de800ac5a src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Fri Oct 16 18:49:17 2015 +0300
+++ b/src/http/v2/ngx_http_v2.c Mon Oct 19 15:01:52 2015 +0300
@@ -1252,7 +1252,7 @@ ngx_http_v2_state_header_block(ngx_http_
 
     } else {
         /* literal header field without indexing */
-        prefix = ngx_http_v2_prefix(3);
+        prefix = ngx_http_v2_prefix(4);
     }
 
     value = ngx_http_v2_parse_int(h2c, &pos, end, prefix);

--
Sergey Kandaurov

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: NGINX HPACK decode failure

Valentin V. Bartenev-3
In reply to this post by Jesse Wilson
On Sunday 18 October 2015 17:21:11 Jesse Wilson wrote:

> I’m attempting to diagnose a bug report
> <https://github.com/square/okhttp/issues/1897> against OkHttp, the HTTP/2
> client for Android that I help to maintain.
>
>
> Some of my users have run into problems making HTTP/2 requests against
> NGINX. I believe the problem is that NGINX’s HPACK decoder can’t decode the
> following:
>
> 020347455404232f726573742f76312f73697465732f37333335303032312f70
> 6f7374732f363039313501187075626c69632d6170692e776f72647072657373
> 2e636f6d060568747470730f00057574662d380f2b0c6f6b687474702f322e35
> 2e30
>
> It fails, and reports a PROTOCOL_ERROR to the client. Instead, it should
> have decoded to this:
>
> :method: GET
> :path: /rest/v1/sites/73350021/posts/60915
> :authority: public-api.wordpress.com
> :scheme: https
> accept-charset: utf-8
> user-agent: okhttp/2.5.0
>
> Please confirm. Unfortunately, I can’t tell you the particulars of the
> version of NGINX deployed on wordpress.com that triggers this.
>

Thank you for the report.
This is fixed now: http://hg.nginx.org/nginx/rev/0e37389c0bd5

  wbr, Valentin V. Bartenev

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx