SETTINGS_MAX_HEADER_LIST_SIZE (#206)

This, uh, grew into something far bigger than expected, but it turns out, all of it was needed to eventually support this correctly.

- Adds configuration to client and server to set [SETTINGS_MAX_HEADER_LIST_SIZE](http://httpwg.org/specs/rfc7540.html#SETTINGS_MAX_HEADER_LIST_SIZE)
- If not set, a "sane default" of 16 MB is used (taken from golang's http2)
- Decoding header blocks now happens as they are received, instead of buffering up possibly forever until the last continuation frame is parsed.
- As each field is decoded, it's undecoded size is added to the total. Whenever a header block goes over the maximum size, the `frame` will be marked as such.
- Whenever a header block is deemed over max limit, decoding will still continue, but new fields will not be appended to `HeaderMap`. This is also can save wasted hashing.
- To protect against enormous string literals, such that they span multiple continuation frames, a check is made that the combined encoded bytes is less than the max allowed size. While technically not exactly what the spec suggests (counting decoded size instead), this should hopefully only happen when someone is indeed malicious. If found, a `GOAWAY` of `COMPRESSION_ERROR` is sent, and the connection shut down.
- After an oversize header block frame is finished decoding, the streams state machine will notice it is oversize, and handle that.
  - If the local peer is a server, a 431 response is sent, as suggested by the spec.
  - A `REFUSED_STREAM` reset is sent, since we cannot actually give the stream to the user.
- In order to be able to send both the 431 headers frame, and a reset frame afterwards, the scheduled `Canceled` machinery was made more general to a `Scheduled(Reason)` state instead.

Closes #18 
Closes #191

tests/client_request.rs

@@ -544,6 +544,82 @@ fn sending_request_on_closed_connection() {
     h2.join(srv).wait().expect("wait");
 }
 
+#[test]
+fn recv_too_big_headers() {
+    let _ = ::env_logger::init();
+    let (io, srv) = mock::new();
+
+    let srv = srv.assert_client_handshake()
+        .unwrap()
+        .recv_custom_settings(
+            frames::settings()
+                .max_header_list_size(10)
+        )
+        .recv_frame(
+            frames::headers(1)
+                .request("GET", "https://http2.akamai.com/")
+                .eos(),
+        )
+        .recv_frame(
+            frames::headers(3)
+                .request("GET", "https://http2.akamai.com/")
+                .eos(),
+        )
+        .send_frame(frames::headers(1).response(200).eos())
+        .send_frame(frames::headers(3).response(200))
+        // no reset for 1, since it's closed anyways
+        // but reset for 3, since server hasn't closed stream
+        .recv_frame(frames::reset(3).refused())
+        .idle_ms(10)
+        .close();
+
+    let client = client::Builder::new()
+        .max_header_list_size(10)
+        .handshake::<_, Bytes>(io)
+        .expect("handshake")
+        .and_then(|(mut client, conn)| {
+            let request = Request::builder()
+                .uri("https://http2.akamai.com/")
+                .body(())
+                .unwrap();
+
+            let req1 = client
+                .send_request(request, true)
+                .expect("send_request")
+                .0
+                .expect_err("response1")
+                .map(|err| {
+                    assert_eq!(
+                        err.reason(),
+                        Some(Reason::REFUSED_STREAM)
+                    );
+                });
+
+            let request = Request::builder()
+                .uri("https://http2.akamai.com/")
+                .body(())
+                .unwrap();
+
+            let req2 = client
+                .send_request(request, true)
+                .expect("send_request")
+                .0
+                .expect_err("response2")
+                .map(|err| {
+                    assert_eq!(
+                        err.reason(),
+                        Some(Reason::REFUSED_STREAM)
+                    );
+                });
+
+            conn.drive(req1.join(req2))
+                .and_then(|(conn, _)| conn.expect("client"))
+        });
+
+    client.join(srv).wait().expect("wait");
+
+}
+
 const SETTINGS: &'static [u8] = &[0, 0, 0, 4, 0, 0, 0, 0, 0];
 const SETTINGS_ACK: &'static [u8] = &[0, 0, 0, 4, 1, 0, 0, 0, 0];
 

tests/codec_read.rs

@@ -12,6 +12,7 @@ fn read_none() {
 }
 
 #[test]
+#[ignore]
 fn read_frame_too_big() {}
 
 // ===== DATA =====
@@ -100,14 +101,73 @@ fn read_data_stream_id_zero() {
 // ===== HEADERS =====
 
 #[test]
+#[ignore]
 fn read_headers_without_pseudo() {}
 
 #[test]
+#[ignore]
 fn read_headers_with_pseudo() {}
 
 #[test]
+#[ignore]
 fn read_headers_empty_payload() {}
 
+#[test]
+fn read_continuation_frames() {
+    let _ = ::env_logger::init();
+    let (io, srv) = mock::new();
+
+    let large = build_large_headers();
+    let frame = large.iter().fold(
+        frames::headers(1).response(200),
+        |frame, &(name, ref value)| frame.field(name, &value[..]),
+    ).eos();
+
+    let srv = srv.assert_client_handshake()
+        .unwrap()
+        .recv_settings()
+        .recv_frame(
+            frames::headers(1)
+                .request("GET", "https://http2.akamai.com/")
+                .eos(),
+        )
+        .send_frame(frame)
+        .close();
+
+    let client = client::handshake(io)
+        .expect("handshake")
+        .and_then(|(mut client, conn)| {
+            let request = Request::builder()
+                .uri("https://http2.akamai.com/")
+                .body(())
+                .unwrap();
+
+            let req = client
+                .send_request(request, true)
+                .expect("send_request")
+                .0
+                .expect("response")
+                .map(move |res| {
+                    assert_eq!(res.status(), StatusCode::OK);
+                    let (head, _body) = res.into_parts();
+                    let expected = large.iter().fold(HeaderMap::new(), |mut map, &(name, ref value)| {
+                        use support::frames::HttpTryInto;
+                        map.append(name, value.as_str().try_into().unwrap());
+                        map
+                    });
+                    assert_eq!(head.headers, expected);
+                });
+
+            conn.drive(req)
+                .and_then(move |(h2, _)| {
+                    h2.expect("client")
+                })
+        });
+
+    client.join(srv).wait().expect("wait");
+
+}
+
 #[test]
 fn update_max_frame_len_at_rest() {
     let _ = ::env_logger::init();

tests/codec_write.rs

@@ -59,28 +59,3 @@ fn write_continuation_frames() {
 
     client.join(srv).wait().expect("wait");
 }
-
-fn build_large_headers() -> Vec<(&'static str, String)> {
-    vec![
-        ("one", "hello".to_string()),
-        ("two", build_large_string('2', 4 * 1024)),
-        ("three", "three".to_string()),
-        ("four", build_large_string('4', 4 * 1024)),
-        ("five", "five".to_string()),
-        ("six", build_large_string('6', 4 * 1024)),
-        ("seven", "seven".to_string()),
-        ("eight", build_large_string('8', 4 * 1024)),
-        ("nine", "nine".to_string()),
-        ("ten", build_large_string('0', 4 * 1024)),
-    ]
-}
-
-fn build_large_string(ch: char, len: usize) -> String {
-    let mut ret = String::new();
-
-    for _ in 0..len {
-        ret.push(ch);
-    }
-
-    ret
-}

tests/push_promise.rs

@@ -137,6 +137,56 @@ fn pending_push_promises_reset_when_dropped() {
     client.join(srv).wait().expect("wait");
 }
 
+#[test]
+fn recv_push_promise_over_max_header_list_size() {
+    let _ = ::env_logger::init();
+    let (io, srv) = mock::new();
+
+    let srv = srv.assert_client_handshake()
+        .unwrap()
+        .recv_custom_settings(
+            frames::settings()
+                .max_header_list_size(10)
+        )
+        .recv_frame(
+            frames::headers(1)
+                .request("GET", "https://http2.akamai.com/")
+                .eos(),
+        )
+        .send_frame(frames::push_promise(1, 2).request("GET", "https://http2.akamai.com/style.css"))
+        .recv_frame(frames::reset(2).refused())
+        .send_frame(frames::headers(1).response(200).eos())
+        .idle_ms(10)
+        .close();
+
+    let client = client::Builder::new()
+        .max_header_list_size(10)
+        .handshake::<_, Bytes>(io)
+        .expect("handshake")
+        .and_then(|(mut client, conn)| {
+            let request = Request::builder()
+                .uri("https://http2.akamai.com/")
+                .body(())
+                .unwrap();
+
+            let req = client
+                .send_request(request, true)
+                .expect("send_request")
+                .0
+                .expect_err("response")
+                .map(|err| {
+                    assert_eq!(
+                        err.reason(),
+                        Some(Reason::REFUSED_STREAM)
+                    );
+                });
+
+            conn.drive(req)
+                .and_then(|(conn, _)| conn.expect("client"))
+        });
+    client.join(srv).wait().expect("wait");
+}
+
 #[test]
 #[ignore]
 fn recv_push_promise_with_unsafe_method_is_stream_error() {

tests/server.rs

@@ -261,3 +261,76 @@ fn sends_reset_cancel_when_res_body_is_dropped() {
 
     srv.join(client).wait().expect("wait");
 }
+
+#[test]
+fn too_big_headers_sends_431() {
+    let _ = ::env_logger::init();
+    let (io, client) = mock::new();
+
+    let client = client
+        .assert_server_handshake()
+        .unwrap()
+        .recv_custom_settings(
+            frames::settings()
+                .max_header_list_size(10)
+        )
+        .send_frame(
+            frames::headers(1)
+                .request("GET", "https://example.com/")
+                .field("some-header", "some-value")
+                .eos()
+        )
+        .recv_frame(frames::headers(1).response(431).eos())
+        .idle_ms(10)
+        .close();
+
+    let srv = server::Builder::new()
+        .max_header_list_size(10)
+        .handshake::<_, Bytes>(io)
+        .expect("handshake")
+        .and_then(|srv| {
+            srv.into_future()
+                .expect("server")
+                .map(|(req, _)| {
+                    assert!(req.is_none(), "req is {:?}", req);
+                })
+        });
+
+    srv.join(client).wait().expect("wait");
+}
+
+#[test]
+fn too_big_headers_sends_reset_after_431_if_not_eos() {
+    let _ = ::env_logger::init();
+    let (io, client) = mock::new();
+
+    let client = client
+        .assert_server_handshake()
+        .unwrap()
+        .recv_custom_settings(
+            frames::settings()
+                .max_header_list_size(10)
+        )
+        .send_frame(
+            frames::headers(1)
+                .request("GET", "https://example.com/")
+                .field("some-header", "some-value")
+        )
+        .recv_frame(frames::headers(1).response(431).eos())
+        .recv_frame(frames::reset(1).refused())
+        .close();
+
+    let srv = server::Builder::new()
+        .max_header_list_size(10)
+        .handshake::<_, Bytes>(io)
+        .expect("handshake")
+        .and_then(|srv| {
+            srv.into_future()
+                .expect("server")
+                .map(|(req, _)| {
+                    assert!(req.is_none(), "req is {:?}", req);
+                })
+        });
+
+    srv.join(client).wait().expect("wait");
+}

tests/support/frames.rs

@@ -152,6 +152,10 @@ impl Mock<frame::Headers> {
         self
     }
 
+    pub fn into_fields(self) -> HeaderMap {
+        self.0.into_parts().1
+    }
+
     fn into_parts(self) -> (StreamId, frame::Pseudo, HeaderMap) {
         assert!(!self.0.is_end_stream(), "eos flag will be lost");
         assert!(self.0.is_end_headers(), "unset eoh will be lost");
@@ -304,6 +308,11 @@ impl Mock<frame::Settings> {
         self.0.set_initial_window_size(Some(val));
         self
     }
+
+    pub fn max_header_list_size(mut self, val: u32) -> Self {
+        self.0.set_max_header_list_size(Some(val));
+        self
+    }
 }
 
 impl From<Mock<frame::Settings>> for frame::Settings {

tests/support/mock.rs

@@ -394,12 +394,13 @@ pub trait HandleFutureExt {
         self.recv_custom_settings(frame::Settings::default())
     }
 
-    fn recv_custom_settings(self, settings: frame::Settings)
+    fn recv_custom_settings<T>(self, settings: T)
         -> RecvFrame<Box<Future<Item = (Option<Frame>, Handle), Error = ()>>>
     where
         Self: Sized + 'static,
         Self: Future<Item = (frame::Settings, Handle)>,
         Self::Error: fmt::Debug,
+        T: Into<frame::Settings>,
     {
         let map = self
             .map(|(settings, handle)| (Some(settings.into()), handle))
@@ -409,7 +410,7 @@ pub trait HandleFutureExt {
             Box::new(map);
         RecvFrame {
             inner: boxed,
-            frame: settings.into(),
+            frame: settings.into().into(),
         }
     }
 

tests/support/mod.rs

@@ -64,3 +64,4 @@ pub type Codec<T> = h2::Codec<T, ::std::io::Cursor<::bytes::Bytes>>;
 
 // This is the frame type that is sent
 pub type SendFrame = h2::frame::Frame<::std::io::Cursor<::bytes::Bytes>>;
+

tests/support/prelude.rs

@@ -85,3 +85,28 @@ where
         }
     }
 }
+
+pub fn build_large_headers() -> Vec<(&'static str, String)> {
+    vec![
+        ("one", "hello".to_string()),
+        ("two", build_large_string('2', 4 * 1024)),
+        ("three", "three".to_string()),
+        ("four", build_large_string('4', 4 * 1024)),
+        ("five", "five".to_string()),
+        ("six", build_large_string('6', 4 * 1024)),
+        ("seven", "seven".to_string()),
+        ("eight", build_large_string('8', 4 * 1024)),
+        ("nine", "nine".to_string()),
+        ("ten", build_large_string('0', 4 * 1024)),
+    ]
+}
+
+fn build_large_string(ch: char, len: usize) -> String {
+    let mut ret = String::new();
+
+    for _ in 0..len {
+        ret.push(ch);
+    }
+
+    ret
+}