mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-03-18 13:31:11 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: stconn: Don't perform L7 retries with large buffer

Browse Source 
L7 retries are buggy when a large buffer is used on the request channel. A
memcpy is used to copy data from the request buffer into the L7 buffer. The
L7 buffer is for now always a standard buffer. So if a larger buffer is
used, this leads to a buffer overflow and crash the process.

The Best way to fix the issue is to disable L7 retries when a large buffer
was allocated for the request channel. In that case, we don't want to
allocate an extra large buffer.

No backport needed.
This commit is contained in:
Christopher Faulet 2026-03-12 21:41:31 +01:00
parent cd91838042
commit 9c0aeb3af4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/stconn.c
View File

@ -1493,7 +1493,7 @@ int sc_conn_send(struct stconn *sc)
* disable the l7 retries by setting
* l7_conn_retries to 0.
*/
if (s->txn->req.msg_state != HTTP_MSG_DONE)
if (s->txn->req.msg_state != HTTP_MSG_DONE || b_is_large(&oc->buf))
s->txn->flags &= ~TX_L7_RETRY;
else {
if (b_alloc(&s->txn->l7_buffer, DB_UNLIKELY) == NULL)