http_server: enforce buffer_max_size for HTTP/2 request bodies

[edsiper]

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• Bug Fixes
  • Improved HTTP/2 request body size limit validation. The server now includes enhanced checks at critical request processing stages: when parsing request headers and when receiving data chunks. Requests exceeding the configured body size limit are promptly rejected, reducing the risk of resource exhaustion.

[coderabbitai]

📝 Walkthrough

Walkthrough

Introduces a new internal helper function to validate HTTP/2 request body size limits. The function checks if appending data would exceed the configured maximum body size and is integrated at header parsing and data chunk reception points to abort processing when limits are exceeded.

Changes

Cohort / File(s)	Summary
HTTP/2 Request Body Limit Validation src/http_server/flb_http_server_http2.c	Added static helper function http2_request_body_limit_exceeded() to check if incoming data would exceed configured body size limit. Integrated at header parsing (content-length validation) and data chunk reception points to preemptively reject oversized requests by setting error status and returning failure.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• cosmo0920

Poem

🐰✨ A rabbit hops with glee,
New guards on request size decree!
No body swells beyond its bound,
Limits checked with logic sound,
HTTP/2 streams run free! 🚀

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 16.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'http_server: enforce buffer_max_size for HTTP/2 request bodies' directly and clearly summarizes the main change: adding enforcement of the buffer_max_size limit for HTTP/2 request bodies.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch http2_buffer_size

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/http_server/flb_http_server_http2.c`:
- Around line 93-95: The branch that checks for a NULL server currently returns
FLB_FALSE (disabling body-size enforcement) which is inconsistent with the
earlier fail-closed behavior for a missing parent_session; update the server
NULL check in flb_http_server_http2.c so that when server == NULL the function
returns FLB_TRUE to enforce body-size limits (mirroring the parent_session
handling) — locate the NULL check for "server" and change the return value from
FLB_FALSE to FLB_TRUE.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1593641f-344e-4112-9e27-b9fbe4a41916

📥 Commits

Reviewing files that changed from the base of the PR and between a7db0c7 and 4fc14ba.

📒 Files selected for processing (1)

• src/http_server/flb_http_server_http2.c

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fail-closed check should also apply when server is missing.

At Line 93-Line 95, server == NULL returns FLB_FALSE, which disables body-size enforcement in this error path. Since Line 87-Line 89 already fails closed for missing parent_session, this branch should be consistent to avoid unbounded body growth if linkage is incomplete.

Proposed fix

-    if (server == NULL) {
-        return FLB_FALSE;
-    }
+    if (server == NULL) {
+        return FLB_TRUE;
+    }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (server == NULL) {
	return FLB_FALSE;
	}
	if (server == NULL) {
	return FLB_TRUE;
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/http_server/flb_http_server_http2.c` around lines 93 - 95, The branch
that checks for a NULL server currently returns FLB_FALSE (disabling body-size
enforcement) which is inconsistent with the earlier fail-closed behavior for a
missing parent_session; update the server NULL check in flb_http_server_http2.c
so that when server == NULL the function returns FLB_TRUE to enforce body-size
limits (mirroring the parent_session handling) — locate the NULL check for
"server" and change the return value from FLB_FALSE to FLB_TRUE.

[cosmo0920]

@edsiper Could you take a look on this review comment? It could be mistakenly specified the returned value. This could cause something like operation glitches for disabling for body-size enforcement in this failing path.
is this intentional?

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[shblue21]

Thank you for your quick fix