From e115b49c399a0fd9cfa07ae41531549144ced9b0 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 1 May 2015 23:05:14 +0200 Subject: [PATCH] BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body Due to the fact that we were still considering only msg->sov for the first byte of data after calling http_parse_chunk_size(), we used to miscompute the input data size and to count the CRLF and the chunk size as part of the input data. The effect is that it was possible to release the processing with 3 or 4 missing bytes, especially if they're typed by hand during debugging sessions. This can cause the stats page to return some errors in admin mode, and the url_param balance algorithm to fail to properly hash a body input. This fix must be backported to 1.5. --- src/proto_http.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index a60c03c51..dc599815a 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -4837,7 +4837,7 @@ int http_wait_for_request_body(struct stream *s, struct channel *req, int an_bit if (!(msg->flags & HTTP_MSGF_TE_CHNK)) { /* We're in content-length mode, we just have to wait for enough data. */ - if (req->buf->i - msg->sov < msg->body_len) + if (http_body_bytes(msg) < msg->body_len) goto missing_data; /* OK we have everything we need now */ @@ -4862,13 +4862,14 @@ int http_wait_for_request_body(struct stream *s, struct channel *req, int an_bit } /* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state. - * We have the first data byte is in msg->sov. We're waiting for at - * least a whole chunk or the whole content length bytes after msg->sov. + * We have the first data byte is in msg->sov + msg->sol. We're waiting + * for at least a whole chunk or the whole content length bytes after + * msg->sov + msg->sol. */ if (msg->msg_state == HTTP_MSG_TRAILERS) goto http_end; - if (req->buf->i - msg->sov >= msg->body_len) /* we have enough bytes now */ + if (http_body_bytes(msg) >= msg->body_len) /* we have enough bytes now */ goto http_end; missing_data: