Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alt-Svc header parser doesn't accept empty ALPN #83775

Open
ManickaP opened this issue Mar 22, 2023 · 5 comments
Open

Alt-Svc header parser doesn't accept empty ALPN #83775

ManickaP opened this issue Mar 22, 2023 · 5 comments
Labels
area-System.Net.Http disabled-test The test is disabled in source code against the issue enhancement Product code improvement that does NOT require public API changes/additions
Milestone
Future

Comments

@ManickaP
Copy link
Member

ManickaP commented Mar 22, 2023
edited
Loading

This is a root cause for failing outerloop test: Public_Interop_Upgrade_Request3OrLower_Success for https://www.litespeedtech.com/

The server sends this Alt-Svc header:

Alt-Svc: =":443"; ma=2592000, h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Note the first item is missing ALPN. Our header parsing then discards the whole header. RFC says that empty ALPN is not allowed as it specifies it as token

Firefox has no issues with this and is able to process the next request via h3.

Question is whether we should allow this? We could just ignore the unparsable value or allow empty ALPN.
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Mar 22, 2023
@ghost
Copy link

ghost commented Mar 22, 2023

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

This is a root cause for failing outerloop test: Public_Interop_Upgrade_Request3OrLower_Success for https://www.litespeedtech.com/

The server sends this Alt-Svc header:

Alt-Svc: =":443"; ma=2592000, h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Note the first item missing ALPN. Our header parsing then discards the whole header. RFC says that empty ALPN is not allowed as it specifies it as token

Firefox has no issues with this and is able to process the next request via h3.

Question is whether we should allow this? We could just ignore the unparsable value or allow empty ALPN.

Author: ManickaP
Assignees: -
Labels:

area-System.Net.Http
Milestone: -

@wfurt
Copy link
Member

wfurt commented Mar 22, 2023

I would be in favor of ignoring fragments where practical instead of ignoring whole header. I agree that the example seems to violate RFC but it may be good for improving interior. Upgrading to H/3 should be optional so I don't see it is critical.
Perhaps low-priority ?

@MihaZupan
Copy link
Member

Looking at the current Alt-Svc logic, there are other weird things going on:

  • It's likely that the current logic for clear is unreachable
    • We are reading the list of values via HttpHeaders.TryGetValues here. This involves validation, so it goes through the AltSvcHeaderParser, which creates a list of AltSvcHeaderValues. Those values are then ToStringed and returned from TryGetValues. Then the loop feeds those strings back to AltSvcHeaderParser and looks at parsed values.
    • AltSvcHeaderValue.ToString is broken for clear and it will return clear=":0"; ma=0, which is an invalid value and won't roundtrip through the parser.
    • As an example, the following code throws on the second Add 
      var headers = new HttpResponseMessage().Headers;
headers.Add("Alt-Svc", "clear");
string value = headers.GetValues("Alt-Svc").Single();
headers.Clear();
headers.Add("Alt-Svc", value); // The format of value 'clear=":0"; ma=0' is invalid
    • Similarly, the second call to the AltSvcHeaderParser will fail, and so that loop can never observe the clear value
  • Even if the loop could see clear, we're still going to use the first authority we saw, even though clear should have been the only value present. (We break here, but maybe we should be returning?)
  • We're comparing authorities against each other in a few places with == and !=, but the HttpAuthority class doesn't override these operators, so this is doing reference equality. This is suspicious at best and potentially an error in some places.
  • GetHttp3ConnectionAsync could end up returning null here in a race, leading to a NRE here.

@ManickaP ManickaP mentioned this issue Mar 24, 2023
Open
@ManickaP
Copy link
Member Author

Triage: our behavior follows RFC, the impact is minimal as we only do not upgrade to h3 which is on its own voluntary, moving to future.

@ManickaP
Copy link
Member Author

Looking at the current Alt-Svc logic, there are other weird things going on:

I've extracted your notes to a separate issue. They might be tackled together, but that's not necessary.

@ManickaP ManickaP removed the untriaged New issue has not been triaged by the area owner label Mar 24, 2023
@ManickaP ManickaP added this to the Future milestone Mar 24, 2023
@ManickaP ManickaP added enhancement Product code improvement that does NOT require public API changes/additions disabled-test The test is disabled in source code against the issue labels Mar 24, 2023
@ManickaP ManickaP mentioned this issue Mar 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-System.Net.Http disabled-test The test is disabled in source code against the issue enhancement Product code improvement that does NOT require public API changes/additions
Projects
None yet
Milestone
Future
Development

No branches or pull requests
3 participants
@ManickaP @wfurt @MihaZupan