mirrors/aports
3
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-04-20 01:26:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
aports/main/curl/0001-http-In-alt-svc-negotiation-only-allow-supported-HTT.patch

52 lines
2.2 KiB
Diff
Raw Permalink Blame History

From cdfe3c3f050acbfb0860b38cea259c65d9c8883d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
Date: Sat, 12 Apr 2025 18:09:47 +0200
Subject: [PATCH] http: In alt-svc negotiation only allow supported HTTP
versions
Without this patch, the handling of the alt-svc header added via
279a4772ae67dd4d9770e11e60040f9113b1c345 in curl-8.13.0 attempts to
connect to alternative services via different HTTP versions, even if the
target HTTP version is not supported by curl (i.e., not enabled at
compile-time). If I understand the code and RFC 7838 correctly, then we
should only attempt to migrate to supported protocols. Therefore,
`allowed_apns` should only contain such protocols, and we need to guard
its modification with `ifdefs` for supported HTTP versions.
This was discovered in a downstream bug report in Alpine Linux [1] where
it was reported that a Matrix client (using libcurl) was defunct after
the upgrade to curl-8.13.0. Further debugging revealed that this was due
to the Matrix server sending a `alt-svc: h3=":443";` HTTP header,
causing curl to attempt migration to HTTP3 even though Alpine's curl
version is compiled without HTTP3 support.
I am not sure if this is the best place in the code to address this
or if the `allowed` bitmask shouldn't contain unsupported versions
in the first place. However, since there are existing `ifdefs` in
this function for source (not destination) ALP selection, it may
be a good fit to address this here.
[1]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/17062
---
lib/url.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/url.c b/lib/url.c
index d94a29375..1f4eb4c57 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3045,10 +3045,14 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data,
DEBUGF(infof(data, "Alt-svc check wanted=%x, allowed=%x",
neg->wanted, neg->allowed));
+#ifdef USE_HTTP3
if(neg->allowed & CURL_HTTP_V3x)
allowed_alpns |= ALPN_h3;
+#endif
+#ifdef USE_HTTP2
if(neg->allowed & CURL_HTTP_V2x)
allowed_alpns |= ALPN_h2;
+#endif
if(neg->allowed & CURL_HTTP_V1x)
allowed_alpns |= ALPN_h1;
allowed_alpns &= (int)data->asi->flags;
Reference in a new issue View git blame Copy permalink