Control: reassign -1 python3-pylsqpack 0.3.18-1
Control: affects -1 src:dnspython
On Mon, Mar 17, 2025 at 05:03:56PM +0000, Colin Watson wrote:
On Sun, Mar 16, 2025 at 12:12:08PM +0000, Pranav P wrote:
I am still continuing my search on the issue.
It seems that the issue is arising from pylsqpack.
When the value field in the packet header for an HTTP3 GET request contains
long strings, there are problems while encoding (only on s390x).
Due to this, one of the GET parameters gets jumbled and this results in a bad
request.
I am not able to see the same issue on ls-qpack though.
I will update any new findings.
Yes, I was just going through this today (I hadn't noticed your emails
until after I'd spent some time on it) and I found much the same
thing. I reduced it to the following more manageable test case:
# amd64
>>> import pylsqpack
>>> encoder = pylsqpack.Encoder()
>>> decoder = pylsqpack.Decoder(4096, 16)
>>> _, frame = encoder.encode(0, [(b':path',
...     b'/dns-query?dns=AAABAAABAAAAAAAAAAABAAABAAAAAAAAA2RucwZnb29nbGUAAAEAAQ')])
>>> decoder.feed_header(0, frame)
(b'', [(b':path',
b'/dns-query?dns=AAABAAABAAAAAAAAAAABAAABAAAAAAAAA2RucwZnb29nbGUAAAEAAQ')])
# s390x
>>> import pylsqpack
>>> encoder = pylsqpack.Encoder()
>>> decoder = pylsqpack.Decoder(4096, 16)
>>> _, frame = encoder.encode(0, [(b':path',
...     b'/dns-query?dns=AAABAAABAAAAAAAAAAABAAABAAAAAAAAA2RucwZnb29nbGUAAAEAAQ')])
>>> decoder.feed_header(0, frame)
(b'', [(b':path',
b'd/snq-euyrd?snA=AAABAAABAAAAAAAAAAABAAABAAAAAAAAR2cuZwbn92bnUGAAAEAAQ')])
How does the attached patch look? The basic problem is that the Huffman
encoder was assuming little-endian when reading from the source buffer.
I realize this is against vendored code, but upstream ls-qpack seems to
have pretty much the same code in this area, so if this looks good I'll
tidy it up and submit it there.
Thanks,
--
Colin Watson (he/him) [cjwat...@debian.org]
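An added example, not part of the original message or of ls-qpack: a small C model of the byte-order problem described above, showing that a host-order two-byte load on a big-endian machine selects the swapped symbol pair and reproduces the start of the s390x output. The function names and the table model (entry idx stands for the pair idx & 0xff, idx >> 8) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pre-patch style load: the value depends on the host's byte order. */
static uint16_t load_host(const unsigned char *p)
{
    uint16_t v;
    memcpy(&v, p, 2);
    return v;
}

/* Patched style load: the first byte is always the low half of the index. */
static uint16_t load_le(const unsigned char *p)
{
    return (uint16_t) ((uint16_t) p[0] | ((uint16_t) p[1] << 8));
}

/* What load_host() returns on a big-endian host such as s390x. */
static uint16_t load_be_host(const unsigned char *p)
{
    return (uint16_t) (((uint16_t) p[0] << 8) | (uint16_t) p[1]);
}

/* Assumed table model: entry idx stands for the symbol pair
 * (idx & 0xff, idx >> 8). Writes the pair each index selects into dst. */
static const char *model_pairs(const unsigned char *src, size_t len,
        uint16_t (*load)(const unsigned char *), unsigned char *dst)
{
    size_t i;
    for (i = 0; i + 1 < len; i += 2) {
        uint16_t idx = load(src + i);
        dst[i] = (unsigned char) (idx & 0xff);
        dst[i + 1] = (unsigned char) (idx >> 8);
    }
    dst[i] = '\0';
    return (const char *) dst;
}

int main(void)
{
    const unsigned char in[] = "/dns-query?dns=A"; /* prefix of the :path above */
    unsigned char out[sizeof(in)];
    printf("big-endian memcpy load: %s\n", model_pairs(in, sizeof(in) - 1, load_be_host, out));
    printf("this host, memcpy load: %s\n", model_pairs(in, sizeof(in) - 1, load_host, out));
    printf("explicit little-endian: %s\n", model_pairs(in, sizeof(in) - 1, load_le, out));
    return 0;
}
```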
diff --git a/vendor/ls-qpack/lsqpack.c b/vendor/ls-qpack/lsqpack.c
index de125e0..6b0c65f 100644
--- a/vendor/ls-qpack/lsqpack.c
+++ b/vendor/ls-qpack/lsqpack.c
@@ -5188,7 +5188,7 @@ qenc_huffman_enc (const unsigned char *src, const unsigned char *const src_end,
while (src + sizeof(bits) * 8 / SHORTEST_CODE + sizeof(idx) < src_end)
{
- memcpy(&idx, src, 2);
+ idx = (uint16_t) src[0] | (((uint16_t) src[1]) << 8);
henc = &hencs[idx];
src += 2;
while (bits_used + henc->lens < sizeof(bits) * 8)
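Review bot: the new assignment to idx at the top of the outer while loop carries no comment saying why the byte order is fixed. The next line indexes hencs with it, and the patch implies that table is laid out with the first source byte in the low eight bits of the index; a one-line comment stating that would keep a later cleanup from turning "idx = (uint16_t) src[0] | (((uint16_t) src[1]) << 8);" back into a host-order memcpy.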
@@ -5196,7 +5196,7 @@ qenc_huffman_enc (const unsigned char *src, const unsigned char *const src_end,
bits <<= henc->lens;
bits |= henc->code;
bits_used += henc->lens;
- memcpy(&idx, src, 2);
+ idx = (uint16_t) src[0] | (((uint16_t) src[1]) << 8);
henc = &hencs[idx];
src += 2;
}
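Review bot: the load inside the inner while loop repeats the expression from the first hunk verbatim, so the two sites can drift apart in a later edit. Consider a small static inline helper that takes src and returns the little-endian 16-bit index, used at both places. The patch also adds no regression test; the :path round trip from the thread, run on a big-endian host, would cover it.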