DoH code relies on HTTP headers processing order
DoH code makes assumptions regarding the HTTP (pseudo)header processing order. In particular, it assumes that
:method: pseudo-header will be processed one of the first, which might not be true. In this case, the request will be treated as a bad one.
The problem was found when testing the DoH code with
HTTP 1.1 benchmarking tool being developed by
libnghttp2 authors. The problem revealed itself only when testing
POST requests (
GET requests were fine).
h2load -t 8 -c 300 -m 100 -n 1000000 -d ~/projects/isc/request_data.bin -H "content-type:application/dns-message" https://doh.example.com/dns-query
In order to resolve the problem we need to move the checks which require certain headers to be processed first into
server_on_request_recv(), which knows all the required context.