mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 13:51:26 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: proxy: unsafe initialization of HTTP transaction when switching from TCP frontend

Browse Source 
A switch from a TCP frontend to an HTTP backend initializes the HTTP
transaction. txn->hdr_idx.size is used by hdr_idx_init() but not
necessarily initialized yet here, because the first call to hdr_idx_init()
is in fact placed in http_init_txn(). Moving it before the call is
enough to fix it. We also remove the useless extra confusing call
to hdr_idx_init().

The bug was introduced in 1.5-dev8 with commit ac1932d ("MEDIUM:
tune.http.maxhdr makes it possible to configure the maximum number
of HTTP headers"). No backport to stable is needed.
This commit is contained in:
Willy Tarreau 2014-04-28 16:13:51 +02:00
parent e47e4e2385
commit f767ac55a2
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/proxy.c
View File

@ -925,14 +925,12 @@ int session_set_backend(struct session *s, struct proxy *be)
* a struct hdr_idx for it if we did not have one. * a struct hdr_idx for it if we did not have one.
*/ */
if (unlikely(!s->txn.hdr_idx.v && be->http_needed)) { if (unlikely(!s->txn.hdr_idx.v && be->http_needed)) {
s->txn.hdr_idx.size = global.tune.max_http_hdr;
if ((s->txn.hdr_idx.v = pool_alloc2(pool2_hdr_idx)) == NULL) if ((s->txn.hdr_idx.v = pool_alloc2(pool2_hdr_idx)) == NULL)
return 0; /* not enough memory */ return 0; /* not enough memory */
/* and now initialize the HTTP transaction state */ /* and now initialize the HTTP transaction state */
http_init_txn(s); http_init_txn(s);
s->txn.hdr_idx.size = global.tune.max_http_hdr;
hdr_idx_init(&s->txn.hdr_idx);
} }
/* If an LB algorithm needs to access some pre-parsed body contents, /* If an LB algorithm needs to access some pre-parsed body contents,