transport: http2 server must validate header list size when early aborting stream

[arjan-bal]

While sending headers and trailers in the normal flow, gRPC ensures that the headers length is less than the limit specified by the peer. If not, a RST_STREAM frame is sent instead.

grpc-go/internal/transport/http2_server.go

Lines 1113 to 1125 in ae4bd1e

	success, err := t.controlBuf.executeAndPut(func() bool {
	return t.checkForHeaderListSize(trailingHeader)
	}, nil)
	if !success {
	if err != nil {
	return err
	}
	t.closeStream(s, true, http2.ErrCodeInternal, false)
	return ErrHeaderListSizeLimitViolation
	}
	// Send a RST_STREAM after the trailers if the client has not already half-closed.
	rst := s.getState() == streamActive
	t.finishStream(s, rst, http2.ErrCodeNo, trailingHeader, true)

grpc-go/internal/transport/http2_server.go

Lines 1044 to 1051 in ae4bd1e

	success, err := t.controlBuf.executeAndPut(func() bool { return t.checkForHeaderListSize(hf) }, hf)
	if !success {
	if err != nil {
	return err
	}
	t.closeStream(s, true, http2.ErrCodeInternal, false)
	return ErrHeaderListSizeLimitViolation
	}

A similar check should also be performed when the server decides to abort the stream after parsing the client headers here:

grpc-go/internal/transport/controlbuf.go

Lines 855 to 859 in ae4bd1e

	}
	if err := l.writeHeader(eas.streamID, true, headerFields, nil); err != nil {
	return err
	}

We should also add a test to catch regressions.

[slyt3]

Hii! I'd like to work on this. Can you assign it to me?

[arjan-bal]

Hi @slyt3, please hold off for now. @joybestourous is working on this code path in #8754 and might address this as a follow-up of that work.