From eec7f8ac01cb744bc30f50327dd989b4763e0205 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 20 Dec 2019 15:59:20 +0100
Subject: [PATCH] BUG/MEDIUM: stream: Be sure to never assign a TCP backend to
 an HTX stream

With a TCP frontend, it is possible to upgrade a connection to HTTP when the
backend is in HTTP mode. Concretly the upgrade install a new mux. So, once it is
done, the downgrade to TCP is no longer possible. So we must take care to never
assign a TCP backend to a stream on this connection. Otherwise, HAProxy crashes
because raw data from the server are handled as structured data on the client
side.

This patch fixes the issue #420. It must be backported to all versions
supporting the HTX.
---
 src/proxy.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/proxy.c b/src/proxy.c
index 838722d1e..a5570dafa 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -1477,6 +1477,14 @@ int stream_set_backend(struct stream *s, struct proxy *be)
 				s->flags |= SF_HTX;
 			}
 		}
+		else if (IS_HTX_STRM(s) && be->mode != PR_MODE_HTTP) {
+			/* If a TCP backend is assgiend to an HTX stream, return
+			 * an error. It may happens for a new stream on a
+			 * previously upgraded connnections. */
+			if (!(s->flags & SF_ERR_MASK))
+				s->flags |= SF_ERR_INTERNAL;
+			return 0;
+		}
 
 		/* we may request to parse a request body */
 		if (be->options & PR_O_WREQ_BODY)