mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-19 05:31:26 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: mux-h1: Report the right amount of data xferred in h1_rcv_buf()

Browse Source 
h1_rcv_buf() must return the amount of data copied in the channel's buffer and
not the number of bytes parsed. Because this value is used during the fast
forwarding to decrement to_forward value, returning the wrong value leads to
undefined behaviours.

This patch must be backported to 1.9.
This commit is contained in:
Christopher Faulet 2019-02-25 15:29:51 +01:00
parent 2292edf67c
commit b8d2ee0406
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/mux_h1.c
View File

@ -1316,12 +1316,14 @@ static size_t h1_process_input(struct h1c *h1c, struct buffer *buf, int flags)
struct h1s *h1s = h1c->h1s;
struct h1m *h1m;
struct htx *htx;
size_t data = 0;
size_t total = 0;
size_t ret = 0;
size_t count, rsv;
int errflag;
htx = htx_from_buf(buf);
data = htx->data;
count = b_data(&h1c->ibuf);
if (!count)
goto end;
@ -1373,7 +1375,7 @@ static size_t h1_process_input(struct h1c *h1c, struct buffer *buf, int flags)
end:
htx_to_buf(htx, buf);
data = (htx->data - data);
if (h1c->flags & H1C_F_IN_FULL && buf_room_for_htx_data(&h1c->ibuf)) {
h1c->flags &= ~H1C_F_IN_FULL;
tasklet_wakeup(h1c->wait_event.task);
@ -1390,9 +1392,11 @@ static size_t h1_process_input(struct h1c *h1c, struct buffer *buf, int flags)
if ((h1s->cs->flags & CS_FL_REOS) && (!b_data(&h1c->ibuf) || htx_is_empty(htx))) {
h1s->cs->flags |= CS_FL_EOS;
if (h1m->state < H1_MSG_DONE)
h1s->cs->flags |= CS_FL_ERROR;
}
return total;
return data;
parsing_err:
b_reset(&h1c->ibuf);