http3: fix check for content length of the response

[imroc]

No description provided.

[marten-seemann]

What are you trying to achieve with this change?

[imroc]

What are you trying to achieve with this change?

Just like the logic written in comments: Check that the server doesn't send more data in DATA frames than indicated by the Content-Length header (if set).

[imroc]

A simple example to reproduce the bug:

package main

import (
	"github.com/quic-go/quic-go/http3"
	"io"
	"net/http"
	"strings"
)

func main() {
	client := &http.Client{
		Transport: &http3.RoundTripper{},
	}
	req, err := http.NewRequest(http.MethodPost, "https://www.cloudflare.com/", strings.NewReader("test"))
	if err != nil {
		panic(err)
	}
	req.Header.Set("Content-Length", "4")
	res, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	_, err = io.ReadAll(res.Body)
	if err != nil {
		panic(err)
	}
}

Run the code:

$ go run .
panic: peer sent too much data

goroutine 1 [running]:
main.main()
        /Users/roc/dev/test/quic-go/main.go:25 +0x2d4
exit status 2

[imroc]

Current logic: Check if response body content-length if greater than Content-Length header in request.

Should change to: Check if response body content-length if greater than Content-Length header in response.

[marten-seemann]

Oh, I see! I missed that you're using res and not req. I don't think the textproto conversion is needed though, headers are already normalized after we retrieve them from qpack.

[imroc]

Oh, I see! I missed that you're using res and not req. I don't think the textproto conversion is needed though, headers are already normalized after we retrieve them from qpack.

OK, textproto is removed.

[codecov]

Codecov Report

Merging #3998 (4925daa) into master (469a615) will decrease coverage by 0.04%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #3998      +/-   ##
==========================================
- Coverage   82.86%   82.82%   -0.04%     
==========================================
  Files         146      146              
  Lines       14729    14729              
==========================================
- Hits        12204    12198       -6     
- Misses       2025     2030       +5     
- Partials      500      501       +1     

Files Changed	Coverage Δ
http3/client.go	85.89% <0.00%> (ø)

... and 2 files with indirect coverage changes