[6.0] 39e5c9266 http2_hpack: Enforce http_req_size limit

Dridi Boukelmoune dridi.boukelmoune at gmail.com
Thu Apr 4 14:33:11 UTC 2024


commit 39e5c9266e387cdb1f79a3ef33762eccd3827b87
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date:   Thu Mar 28 16:08:46 2024 +0100

    http2_hpack: Enforce http_req_size limit
    
    Refs #3709
    Refs #3892
    
    Conflicts:
            bin/varnishd/http2/cache_http2_hpack.c

diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
index 25fc0be7d..1b476c9aa 100644
--- a/bin/varnishd/http2/cache_http2_hpack.c
+++ b/bin/varnishd/http2/cache_http2_hpack.c
@@ -267,7 +267,8 @@ h2h_decode_init(const struct h2_sess *h2)
 	d = h2->decode;
 	INIT_OBJ(d, H2H_DECODE_MAGIC);
 	VHD_Init(d->vhd);
-	d->out_l = WS_ReserveAll(h2->new_req->http->ws);
+	d->out_l = WS_Reserve(h2->new_req->http->ws,
+	    cache_param->http_req_size);
 	/*
 	 * Can't do any work without any buffer
 	 * space. Require non-zero size.
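Review bot: The `WS_Reserve(..., cache_param->http_req_size)` call in h2h_decode_init carries the whole enforcement of the limit, but nothing next to it says so. A short comment above it would keep a later refactor from going back to an unbounded reservation, for example `/* Bound the decode buffer: a header list larger than http_req_size must run out of space. */`. It is also worth confirming what WS_Reserve returns when the workspace has less free space than http_req_size, because the existing comment below requires a non-zero size and that check lies outside the hunk. The function starts before and continues after the lines shown.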
@@ -308,6 +309,10 @@ h2h_decode_fini(const struct h2_sess *h2)
 	} else
 		ret = d->error;
 	d->magic = 0;
+	if (ret == H2SE_REQ_SIZE) {
+		VSLb(h2->new_req->http->vsl, SLT_LostHeader,
+		    "Header list too large");
+	}
 	return (ret);
 }
 
diff --git a/bin/varnishtest/tests/r03709.vtc b/bin/varnishtest/tests/r03709.vtc
index 7439efba3..242afe2f1 100644
--- a/bin/varnishtest/tests/r03709.vtc
+++ b/bin/varnishtest/tests/r03709.vtc
@@ -2,17 +2,40 @@ varnishtest "h2 req limits"
 
 varnish v1 -cliok "param.set feature +http2"
 varnish v1 -cliok "param.set http_req_hdr_len 40b"
+varnish v1 -cliok "param.set http_req_size 512b"
 varnish v1 -vcl {
 	backend be none;
 } -start
 
-logexpect l1 -v v1 -g raw -q BogoHeader {
+logexpect l1 -v v1 -g raw -q BogoHeader,LostHeader {
 	expect 0 1001 BogoHeader "Header too large: :path"
+	expect 0 1002 LostHeader "Header list too large"
 } -start
 
 client c1 {
 	stream next {
-		txreq -url ${string,repeat,4,/123456789}
+		txreq -url ${string,repeat,4,/123456789} \
+			-hdr limit http_req_hdr_len
+		rxrst
+		expect rst.err == ENHANCE_YOUR_CALM
+	} -run
+
+	stream next {
+		txreq -url "/http_req_size" \
+			-hdr hdr1 ${string,repeat,3,/123456789} \
+			-hdr hdr2 ${string,repeat,3,/123456789} \
+			-hdr hdr3 ${string,repeat,3,/123456789} \
+			-hdr hdr4 ${string,repeat,3,/123456789} \
+			-hdr hdr5 ${string,repeat,3,/123456789} \
+			-hdr hdr6 ${string,repeat,3,/123456789} \
+			-hdr hdr7 ${string,repeat,3,/123456789} \
+			-hdr hdr8 ${string,repeat,3,/123456789} \
+			-hdr hdr9 ${string,repeat,3,/123456789} \
+			-hdr hdr10 ${string,repeat,3,/123456789} \
+			-hdr hdr11 ${string,repeat,3,/123456789} \
+			-hdr hdr12 ${string,repeat,3,/123456789} \
+			-hdr hdr13 ${string,repeat,3,/123456789} \
+			-hdr hdr14 ${string,repeat,3,/123456789}
 		rxrst
 		expect rst.err == ENHANCE_YOUR_CALM
 	} -run
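Review bot: Both streams only assert the rejection path, so nothing in this hunk shows that a header list just under the 512b `http_req_size` is still accepted; enforcement that is too strict would pass this test unchanged. Consider a third stream that sends only a few of the same `-hdr` pairs and then does `rxresp` and `expect resp.status == 503` (the status is an assumption based on `backend be none`). Both rejections surface as the same `ENHANCE_YOUR_CALM`, so the logexpect is the only thing that tells the two limits apart. It is started here, but its `-wait` is not in the hunk, so confirm it exists further down the file.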

