upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-23 15:19:36 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages

Browse source 
During headers parsing, an error is returned if the message is too large and
does not fit in the input buffer. The mux h1 used the function b_full() to do
so. But to allow zero copy transfers, in h1_recv(), the input buffer is
pre-aligned and thus few bytes remains always free.

To fix the bug, as during the trailers parsing, the function
buf_room_for_htx_data() should be used instead.

This patch must be backported to 2.0 and 1.9.
This commit is contained in:
Christopher Faulet 2019-06-26 14:56:27 +02:00
parent 1d5ec0944f
commit e5438b749c
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/mux_h1.c
View file

@ -984,7 +984,7 @@ static size_t h1_process_headers(struct h1s *h1s, struct h1m *h1m, struct htx *h
/* Incomplete or invalid message. If the buffer is full, it's an
* error because headers are too large to be handled by the
* parser. */
if (ret < 0 || (!ret && b_full(buf)))
if (ret < 0 || (!ret && !buf_room_for_htx_data(buf)))
goto error;
goto end;
}