mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-08 08:07:10 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: http: accept full buffers on smp_prefetch_http

Browse Source 
Bertrand Jacquin reported a but when using tcp_request content rules
on large POST HTTP requests. The issue is that smp_prefetch_http()
first tries to validate an input buffer, but only if the buffer is
not full. This test is wrong since it must only be performed after
the parsing has failed, otherwise we don't accept POST requests which
fill the buffer as valid HTTP requests.

This bug is 1.5-specific, no backport needed.
This commit is contained in:
Willy Tarreau 2013-10-14 22:41:30 +02:00
parent ed5a4aefae
commit 472b1ee115
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/proto_http.c
View File

@ -8927,10 +8927,8 @@ smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int op
buffer_slow_realign(s->req->buf); buffer_slow_realign(s->req->buf);
if (unlikely(txn->req.msg_state < HTTP_MSG_BODY)) { if (unlikely(txn->req.msg_state < HTTP_MSG_BODY)) {
if ((msg->msg_state == HTTP_MSG_ERROR) || if (msg->msg_state == HTTP_MSG_ERROR)
buffer_full(s->req->buf, global.tune.maxrewrite)) {
return 0; return 0;
}
/* Try to decode HTTP request */ /* Try to decode HTTP request */
if (likely(msg->next < s->req->buf->i)) if (likely(msg->next < s->req->buf->i))