Bug ID 682283: Malformed HTTP/2 request with invalid Content-Length value is served against RFC

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 14.0.0, 14.0.0.1, 14.0.0.2

Fixed In:
14.1.0, 14.0.0.3, 13.1.0.8

Opened: Sep 08, 2017
Severity: 4-Minor

Symptoms

HTTP/2 request can include Content-Length header. When the value of a Content-Length header does not match the sum of lengths of all DATA frames from the stream, RFC requires that the system reset the stream.

Impact

The BIG-IP system sends a request to a server and serves a provided response, which is not in conformance with the RFC.

Conditions

-- A virtual server is configured with HTTP/2 profile. -- The value of Content-Length header does not match the sum of lengths of all DATA frames from the stream.

Workaround

None.

Fix Information

Now, when a client sends a request over an HTTP/2 connection with a malformed HEADERS frame in which Content-Length does not match the payload size in DATA frames, the BIG-IP system correctly resets the stream with RST_STREAM frame.

Behavior Change