From eaed5a1d4610981a86f21ce03e01ab24a6b256c5 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 24 Mar 2010 14:54:30 +0100 Subject: [PATCH] [BUG] backend: L7 hashing must not be performed on incomplete requests Isidore Li reported an occasional segfault when using URL hashing, and kindly provided backtraces and core files to help debugging. The problem was triggered by reset connections before the URL was sent, and was due to the same bug which was fixed by commit e45997661bf (connections were attempted in case of connection abort). While that bug was already fixed, it appeared that the same segfault could be triggered when URL hashing is configured in an HTTP backend when the frontend runs in TCP mode and no URL was seen. It is totally abnormal to try to hash a null URL, as well as to process any kind of L7 hashing when a full request was not seen. This additional fix now ensures that layer7 hashing is not performed on incomplete requests. --- src/backend.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/backend.c b/src/backend.c index 8b8b4377b..1a8653762 100644 --- a/src/backend.c +++ b/src/backend.c @@ -534,6 +534,8 @@ int assign_server(struct session *s) case BE_LB_HASH_URI: /* URI hashing */ + if (s->txn.req.msg_state < HTTP_MSG_BODY) + break; s->srv = get_server_uh(s->be, s->txn.req.sol + s->txn.req.sl.rq.u, s->txn.req.sl.rq.u_l); @@ -541,6 +543,8 @@ int assign_server(struct session *s) case BE_LB_HASH_PRM: /* URL Parameter hashing */ + if (s->txn.req.msg_state < HTTP_MSG_BODY) + break; if (s->txn.meth == HTTP_METH_POST && memchr(s->txn.req.sol + s->txn.req.sl.rq.u, '&', s->txn.req.sl.rq.u_l ) == NULL) @@ -553,6 +557,8 @@ int assign_server(struct session *s) case BE_LB_HASH_HDR: /* Header Parameter hashing */ + if (s->txn.req.msg_state < HTTP_MSG_BODY) + break; s->srv = get_server_hh(s); break;