There appears to be a bug with the http2 header decoding

[murgatroid99]

• Version: 10.15.3
• Platform: node: 10-alpine official docker image
• Subsystem: http2

This comes from googleapis/nodejs-datastore#415. It looks like occasionally http2 headers objects are being provided from the http2 module with invalid and clearly incorrect header keys. For example, some bad headers objects look like these

[Object: null prototype] {
 ':status': 200,
 'content-disposition': 'attachment',
 'content-type': 'application/grpc',
 ' pø0': 'Wed, 10 Jul 2019 23:39:46 GMT',
 'alt-svc': 'quic=":443"; ma=2592000; v="46,43,39"'
}

[Object: null prototype] {
   ':status': 200,
   'content-disposition': 'attachment',
   'content-type': 'application/grpc',
   'A\u0000\u0000\u0000': 'Wed, 10 Jul 2019 22:37:34 GMT',
   'alt-svc': 'quic=":443"; ma=2592000; v="46,43,39"'
 }

[Object: null prototype] {
 ':status': 200,
 'content-disposition': 'attachment',
 'content-type': 'application/grpc',
 ' ÐÕJ': 'Wed, 10 Jul 2019 23:58:43 GMT',
 'alt-svc': 'quic=":443"; ma=2592000; v="46,43,39"'
}

while valid headers look like this:

[Object: null prototype] {
 ':status': 200,
 'content-disposition': 'attachment',
 'content-type': 'application/grpc',
 date: 'Wed, 10 Jul 2019 23:05:02 GMT',
 'alt-svc': 'quic=":443"; ma=2592000; v="46,43,39"'
}

In all of the cases we have seen, it looks like the date key is replace with this garbled nonsense. My guess is that it is relevant that that header is the one most likely to be encoded in the format Literal Header Field Never Indexed — Indexed Name because the value changes with every request.

[addaleax]

Do you happen to have some kind of reproduction for this?

[murgatroid99]

Unfortunately, not yet. I was hoping that someone more familiar with the implementation might be able to see what the error is from the information I have.

[addaleax]

@murgatroid99 Okay – this is happening on the client side and it is only happening with the date header so far, correct? Do the invalid header names vary from process to process, or from request to request?

[pworkpop]

@addaleax
We had this error re-surface since Oct 10th - same key across several containers (does not vary by process or by request)

{ Error: Metadata key "@���" contains illegal characters at Http2CallStream.call.on 
(/app/bundle/programs/server/npm/node_modules/@grpc/grpc-js/build/src/client.js:101:45) at 
emitOne (events.js:121:20) at Http2CallStream.emit (events.js:211:7) at process.nextTick 
(/app/bundle/programs/server/npm/node_modules/@grpc/grpc-js/build/src/call-stream.js:71:22)
 at _combinedTickCallback (internal/process/next_tick.js:132:7) at process._tickDomainCallback 
(internal/process/next_tick.js:219:9) code: 2, details: 'Metadata key "@\u0000\u0000\u0000" 
contains illegal characters', metadata: Metadata { options: undefined, internalRepr: Map {} }, note: 
'Exception occurred in retry method that was not classified as transient' }

I can't confirm this being a client side bug either - we are using Google PubSub.

Platform: node: 8-stretch (docker) image (one instance on 10-stretch)

[addaleax]

@pworkpop I guess the same question goes for you then – do you have some kind of reproduction?

[pworkpop]

@addaleax unfortunately not, we are battling some connection issues that surface as deadline exceeded errors in PubSub so it may well be the servers sending the invalid key

[jasnell]

one thing you can potentially try is setting up Wireshark to intercept the HTTPS secured HTTP/2 traffic flowing into the endpoint. Obviously that depends on your set up, but it would be interesting to see if the headers coming into our Header handling code are correct. Given the kind of corruption that is occurring in the examples, it almost looks like the pointers could be uninitialized, which means our ref counting may be off and nghttp2 could be freeing the buffers earlier than expected. That shouldn't be possible with the current implementation unless there's definitely something wrong and we very likely would have seen the bug crop up previously. If we can rule out errors in the inbound data, then that would help in lieu of a reproducible test case

[remduf]

Is this problem also present in node 12 ?

[murgatroid99]

I'm not sure. We've had multiple recent reports of this error but they haven't specified the Node version.

[clshortfuse]

Sounds like an encoding issue with a child dependency, not NodeJS. It does look like it's fixed now:

googleapis/nodejs-datastore#415

googleapis/gax-nodejs#521

Edit: Unless we want NodeJS to do the urlencoding...