git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Mon, 28 Mar 2011 14:06:28 +0000 (16:06 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Mon, 28 Mar 2011 14:25:16 +0000 (16:25 +0200)
commit	d8ee85a0a32398a6d4a14ad59b3c0f27adfa0dfb
tree	e2e335ff72def123f64a1d3aab7d66dd9bfc4c25	tree
parent	d3db94399f762d0aae911e2fe16f1cf2c37f6a9b	commit \| diff

[BUG] http: fix content-length handling on 32-bit platforms

Despite much care around handling the content-length as a 64-bit integer,
forwarding was broken on 32-bit platforms due to the 32-bit nature of
the ->to_forward member of the "buffer" struct. The issue is that this
member is declared as a long, so while it works OK on 64-bit platforms,
32-bit truncate the content-length to the lower 32-bits.

One solution could consist in turning to_forward to a long long, but it
is used a lot in the critical path, so it's not acceptable to perform
all buffer size computations on 64-bit there.

The fix consists in changing the to_forward member to a strict 32-bit
integer and ensure in buffer_forward() that only the amount of bytes
that can fit into it is considered. Callers of buffer_forward() are
responsible for checking that their data were taken into account. We
arbitrarily ensure we never consider more than 2G at once.

That's the way it was intended to work on 32-bit platforms except that
it did not.

This issue was tracked down hard at Exosec with Bertrand Jacquin,
Thierry Fournier and Julien Thomas. It remained undetected for a long
time because files larger than 4G are almost always transferred in
chunked-encoded format, and most platforms dealing with huge contents
these days run on 64-bit.

The bug affects all 1.5 and 1.4 versions, and must be backported.

include/proto/buffers.h		diff \| blob \| blame \| history
include/types/buffers.h		diff \| blob \| blame \| history
src/dumpstats.c		diff \| blob \| blame \| history
src/proto_http.c		diff \| blob \| blame \| history