upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-07 01:55:55 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction

Browse source 
At the end of a transaction, when the conn_stream is detach from the H1
connection, on the server side, we must release the input buffer to trim any
excess data received from the server to be sure to block invalid responses.  A
typical example of such data would be from a buggy server responding to a HEAD
with some data, or sending more than the advertised content-length.

This issue was reported on Gitbub. See issue #176.

This patch must be backported to 2.0 and 1.9.
This commit is contained in:
Christopher Faulet 2019-07-19 11:34:08 +02:00
parent f89f0991f6
commit 03627245c6
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/mux_h1.c
View file

@ -2177,6 +2177,11 @@ static void h1_detach(struct conn_stream *cs)
if (conn_is_back(h1c->conn) && has_keepalive &&
!(h1c->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH))) {
/* Release input buffer to trim any excess data received from
* the server to be sure to block invalid responses.
*/
h1_release_buf(h1c, &h1c->ibuf);
/* Never ever allow to reuse a connection from a non-reuse backend */
if ((h1c->px->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR)
h1c->conn->flags |= CO_FL_PRIVATE;