commit 72fd357814e1 ("MEDIUM: mux-h1: Return an error on h2 upgrade
attempts if not allowed") added an h1_report_glitch() call on the new
405 path but exits via "goto no_parsing", which skips the
session_add_glitch_ctr() call at the end of the parse block. As a
result fc_glitches increments correctly but the per-session stick
counters never see it, breaking sc_glitch_cnt-based rate limiting of
the H2-preface-over-H1 abuse pattern.
No backport needed beyond the branches that took 72fd357814.
---
 src/mux_h1.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/mux_h1.c b/src/mux_h1.c
index ec97d020d..996cc6320 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -4210,6 +4210,8 @@ static int h1_process(struct h1c * h1c)
                                TRACE_ERROR("H2 upgrade not allowed", 
H1_EV_H1C_WAKE|H1_EV_H1C_ERR);
                                h1_report_glitch(h1c, 1, "H2 upgrade not 
allowed");
                                h1_handle_parsing_error(h1c);
+                               if (h1c->glitches != prev_glitches && 
!(h1c->flags & H1C_F_IS_BACK))
+                                       session_add_glitch_ctr(sess, 
h1c->glitches - prev_glitches);
                                goto no_parsing;
                        }
                }
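Review bot: The two lines added before `goto no_parsing` duplicate the session glitch accounting that, per the commit message, already sits at the end of the parse block, so any other path that reports a glitch and then jumps to `no_parsing` would leave the same gap in the stick counters. `prev_glitches`, `sess` and the rest of h1_process() lie outside the hunk, so whether such paths exist cannot be confirmed from here. If they do, doing the accounting once at a point every exit reaches would keep `sc_glitch_cnt`-based rate limiting consistent with `fc_glitches`. At minimum the new lines deserve a comment such as `/* no_parsing skips the end-of-block glitch accounting; update the session stick counters here so sc_glitch_cnt rules see this glitch */`.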
-- 
2.50.1 (Apple Git-155)


