From bf3f1de5b58aa77c2a3da4e143d5a7b2f1056b53 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 17 Mar 2010 15:54:24 +0100 Subject: [PATCH] [BUG] http: fix truncated responses on chunk encoding when size divides buffer size Bernhard Krieger reported truncated HTTP responses in presence of some specific chunk-encoded data, and kindly offered complete traces of the issue which made it easy to reproduce it. Those traces showed that the chunks were of exactly 8192 bytes, chunk size and CRLF included, which was exactly half the size of the buffer. In this situation, the function http_chunk_skip_crlf() could erroneously try to parse a CRLF after the chunk believing there were more data pending, because the number of bytes present in the buffer was considered instead of the number of remaining bytes to be parsed. --- src/proto_http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/proto_http.c b/src/proto_http.c index f1ec7cd84..694e98dc5 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -2245,7 +2245,7 @@ int http_skip_chunk_crlf(struct buffer *buf, struct http_msg *msg) ptr = buf->data; } - if (buf->l < bytes) + if (bytes > buf->l - buf->send_max) return 0; if (*ptr != '\n')