BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR

When the HTTP parser is in state HTTP_MSG_ERROR, we don't know if it was
already initialized or not. If the error happens before HTTP_MSG_RQBEFORE,
random offsets might be present and we don't want to display such random
strings in debug mode.

While it's theorically possible to randomly crash the process when running
in debug mode here, this bug was not tagged MAJOR because it would not
make sense to run in debug mode in production.

This fix must be backported to 1.5 and 1.4.

diff --git a/src/proto_http.c b/src/proto_http.c
index 3a3aa80306d62dd9e8d94a56cf4532dcf72d759c..6497dac501abffd13a60d011079814e966770b14 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -2546,7 +2546,7 @@ int http_wait_for_request(struct session *s, struct channel *req, int an_bit)
        /* 1: we might have to print this header in debug mode */
        if (unlikely((global.mode & MODE_DEBUG) &&
                     (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
-                    (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
+                    msg->msg_state >= HTTP_MSG_BODY)) {
                char *eol, *sol;
 
                sol = req->buf->p;
@@ -5694,7 +5694,7 @@ int http_wait_for_response(struct session *s, struct channel *rep, int an_bit)
        /* 1: we might have to print this header in debug mode */
        if (unlikely((global.mode & MODE_DEBUG) &&
                     (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
-                    (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
+                    msg->msg_state >= HTTP_MSG_BODY)) {
                char *eol, *sol;
 
                sol = rep->buf->p;