From 0af4bd7bebc5083f835d901479ce4dd23f61f432 Mon Sep 17 00:00:00 2001 From: vishnu Date: Sun, 24 Oct 2021 06:46:24 +0530 Subject: [PATCH] BUG/MEDIUM: lua: fix invalid return types in hlua_http_msg_get_body hlua_http_msg_get_body must return either a Lua string or nil. For some HTTPMessage objects, HTX_BLK_EOT blocks are also present in the HTX buffer along with HTX_BLK_DATA blocks. In such cases, _hlua_http_msg_dup will start copying data into a luaL_Buffer until it encounters an HTX_BLK_EOT. But then instead of pushing neither the luaL_Buffer nor `nil` to the Lua stack, the function will return immediately. The end result will be that the caller of the HTTPMessage.body() method from a Lua filter will see whatever object was on top of the stack as return value. It may be either a userdata object if HTTPMessage.body() was called with only two arguments, or the third argument itself if called with three arguments. Hence HTTPMessage.body() would return either nil, or HTTPMessage body as Lua string, or a userdata objects, or number. This fix ensure that HTTPMessage.body() will always return either a string or nil. Reviewed-by: Christopher Faulet --- src/hlua.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/hlua.c b/src/hlua.c index 27c62165c..9de8fc683 100644 --- a/src/hlua.c +++ b/src/hlua.c @@ -6338,20 +6338,24 @@ static int _hlua_http_msg_dup(struct http_msg *msg, lua_State *L, size_t offset, break; default: - if (!ret) { - /* Remove the empty string and push nil on the stack */ - lua_pop(L, 1); - lua_pushnil(L); - } + if (!ret) + goto no_data; goto end; } offset = 0; } - luaL_pushresult(&b); - end: + if (!ret && (htx->flags & HTX_FL_EOM)) + goto no_data; + luaL_pushresult(&b); return ret; + + no_data: + /* Remove the empty string and push nil on the stack */ + lua_pop(L, 1); + lua_pushnil(L); + return 0; } /* Copies the string to the HTTP message at the offset