Bug 2232563
| Summary: | HTTP2 connection fails with "curl: (16) Error in the HTTP2 framing layer" | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Renaud Métrich <rmetrich> |
| Component: | curl | Assignee: | Jacek Migacz <jmigacz> |
| Status: | NEW | QA Contact: | Daniel Rusek <drusek> |
| Severity: | medium | Priority: | medium |
| Version: | 8.8 | CC: | jamacku, peter.vreman |
| Target Milestone: | rc | Hardware: | All |
| OS: | Linux | Type: | Bug |

Description of problem:

We have a customer using curl to query his Satellite 16.3 server. When using HTTP2, curl fails after some time with the following error message:

    curl: (16) Error in the HTTP2 framing layer

Digging into this, we were able to confirm that our curl is missing the following 2 commits:

    commit 25a25f45ae55aae510a6de1b5bbcfa7547f5db6c
    Author: Laramie Leavitt <laramie.leavitt>
    Date:   Fri Jul 3 13:10:27 2020 -0700

        http: consolidate nghttp2_session_mem_recv() call paths

        Previously there were several locations that called
        nghttp2_session_mem_recv and handled responses slightly differently.
        Those have been converted to call the existing
        h2_process_pending_input() function.

        Moved the end-of-session check to h2_process_pending_input() since the
        only place the end-of-session state can change is after nghttp2
        processes additional input frames.

        This will likely fix the fuzzing error. While I don't have a root cause
        the out-of-bounds read seems like a use after free, so moving the
        nghttp2_session_check_request_allowed() call to a location with a
        guaranteed nghttp2 session seems reasonable.

        Also updated a few nghttp2 callsites to include error messages and added
        a few additional error checks.

        Closes #5648

    Author: Daniel Stenberg <daniel>
    Date:   Mon Aug 26 16:00:05 2019 +0200

        http2: when marked for closure and wanted to close == OK

        It could otherwise return an error even when closed correctly if GOAWAY
        had been received previously.

        Reported-by: Tom van der Woerdt
        Fixes #4267
        Closes #4268

Version-Release number of selected component (if applicable):

curl-7.61.1-30.el8_8.3

How reproducible:

Always on customer system when querying his Satellite 6.13