mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-26 21:31:01 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MAJOR: http: fix the 'next' pointer when performing a redirect

Browse Source 
Commit bed410e ("MAJOR: http: centralize data forwarding in the request path")
has woken up an issue in redirects, where msg->next is not reset when flushing
the input buffer. The result is an attempt to forward a negative amount of
data, making haproxy crash.

This bug does not seem to affect versions prior to dev23, so no backport is
needed.
This commit is contained in:
Willy Tarreau 2014-04-25 12:19:32 +02:00
parent 1746eecc52
commit 6d8bac7ddc
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/proto_http.c
View File

@ -3530,6 +3530,7 @@ static int http_apply_redirect_rule(struct redirect_rule *rule, struct session *
bo_inject(txn->rsp.chn, trash.str, trash.len);
/* "eat" the request */
bi_fast_delete(txn->req.chn->buf, msg->sov);
msg->next -= msg->sov;
msg->sov = 0;
txn->req.chn->analysers = AN_REQ_HTTP_XFER_BODY;
s->rep->analysers = AN_RES_HTTP_XFER_BODY;