Enhance HTTP/2 frame handling and add unit tests for settings validation

Author: gedaiu

source/vibe/http/internal/http2/server.d

@@ -274,10 +274,7 @@ private void handleHTTP2FrameChain(ConnectionStream)(ConnectionStream stream, TC
 				}
 			} catch (Exception e) {
 				logException(e, "Failed to handle HTTP/2 frame chain");
-				try { connection.close(); } catch (Exception) {}
-				return true;
-			} catch (Throwable t) {
-				logWarn("HTTP/2 frame handler error: %s", t.msg);
+				try { stream.finalize(); } catch (Exception) {}
 				try { connection.close(); } catch (Exception) {}
 				return true;
 			}
@@ -626,14 +623,16 @@ private bool handleFrameAlloc(ConnectionStream)(ref ConnectionStream stream, TCP
 		static if (!is(ConnectionStream : TLSStream)) {
 
 			if (context.resFrame) {
+				// h2c upgrade response is always on stream 1 (RFC 7540 §3.2)
+				enum h2cUpgradeStreamId = 1;
 				auto l = context.resFrame.takeExactly(3).fromBytes(3) + HTTP2HeaderLength;
 				auto hpackPayload = context.resFrame[HTTP2HeaderLength .. l];
 				ubyte isEndStream = (context.resFrame.length > l)
 					? cast(ubyte) 0x0 : HTTP2FrameFlag.END_STREAM;
 
 				try {
 					stream.write(buildSplitHeaderFrames(hpackPayload,
-						context.settings.maxFrameSize, 1, isEndStream, alloc));
+						context.settings.maxFrameSize, h2cUpgradeStreamId, isEndStream, alloc));
 				} catch (Exception e) {
 					logWarn("Unable to write HEADERS Frame to stream");
 				}
@@ -653,7 +652,7 @@ private bool handleFrameAlloc(ConnectionStream)(ref ConnectionStream stream, TCP
 						assert(false, "TODO");
 
 					// create DATA frame header
-					dataFrame.createHTTP2FrameHeader(cast(uint)resBody.length, HTTP2FrameType.DATA, 0x1, 1);
+					dataFrame.createHTTP2FrameHeader(cast(uint)resBody.length, HTTP2FrameType.DATA, 0x1, h2cUpgradeStreamId);
 
 					// append the DATA body
 					dataFrame.put(resBody);

source/vibe/http/internal/http2/settings.d

@@ -303,6 +303,61 @@ unittest {
 	assert(!settings.decode!Base64URL("a|b+*-c"));
 }
 
+// unpackSettings rejects enablePush values other than 0 or 1
+unittest {
+	import std.bitmanip : nativeToBigEndian;
+
+	// SETTINGS_ENABLE_PUSH (0x2) = 2 (invalid per RFC 7540 §6.5.2)
+	ubyte[] src = nativeToBigEndian(cast(ushort) 0x2) ~ nativeToBigEndian(cast(uint) 2);
+	HTTP2Settings settings;
+	try {
+		unpackSettings(settings, src);
+		assert(false, "Expected PROTOCOL_ERROR for enablePush=2");
+	} catch (HTTP2Exception e) {
+		assert(e.code == HTTP2Error.PROTOCOL_ERROR);
+	}
+}
+
+// unpackSettings rejects initialWindowSize >= 2^31
+unittest {
+	import std.bitmanip : nativeToBigEndian;
+
+	// SETTINGS_INITIAL_WINDOW_SIZE (0x4) = 2^31 (invalid per RFC 7540 §6.5.2)
+	ubyte[] src = nativeToBigEndian(cast(ushort) 0x4) ~ nativeToBigEndian(cast(uint)(1u << 31));
+	HTTP2Settings settings;
+	try {
+		unpackSettings(settings, src);
+		assert(false, "Expected FLOW_CONTROL_ERROR for initialWindowSize=2^31");
+	} catch (HTTP2Exception e) {
+		assert(e.code == HTTP2Error.FLOW_CONTROL_ERROR);
+	}
+}
+
+// unpackSettings rejects maxFrameSize outside [2^14, 2^24)
+unittest {
+	import std.bitmanip : nativeToBigEndian;
+
+	// SETTINGS_MAX_FRAME_SIZE (0x5) = 100 (below 2^14, invalid)
+	ubyte[] src = nativeToBigEndian(cast(ushort) 0x5) ~ nativeToBigEndian(cast(uint) 100);
+	HTTP2Settings settings;
+	try {
+		unpackSettings(settings, src);
+		assert(false, "Expected PROTOCOL_ERROR for maxFrameSize=100");
+	} catch (HTTP2Exception e) {
+		assert(e.code == HTTP2Error.PROTOCOL_ERROR);
+	}
+
+	// SETTINGS_MAX_FRAME_SIZE (0x5) = 2^24 (at upper bound, invalid)
+	src = nativeToBigEndian(cast(ushort) 0x5) ~ nativeToBigEndian(cast(uint)(1u << 24));
+	settings = HTTP2Settings.init;
+	try {
+		unpackSettings(settings, src);
+		assert(false, "Expected PROTOCOL_ERROR for maxFrameSize=2^24");
+	} catch (HTTP2Exception e) {
+		assert(e.code == HTTP2Error.PROTOCOL_ERROR);
+	}
+}
+
 /** Context is initialized on each new connection
 
 	it MUST remain consistent between streams of the same connection