BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred

When HTX blocks from the requests are transferred into the channel buffer,
the return value of htx_xfer_blks() function must not be used to increment
the channel input value because meta data are counted here while they are
not part of input data. Because of this bug, it is possible to forward more
data than these present in the channel buffer.

Instead, we look at the input data before and after the transfer and the
difference is added.

It is only an issue with large POSTs, when the payload is streamed.

This patch must be backported as far as 2.6.

diff --git a/src/http_client.c b/src/http_client.c
index 47d73e004580abac4094f0531552d846bfb302b3..96156ecc3645194675c91f271f773f4a0e096801 100644 (file)
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -592,9 +592,11 @@ void httpclient_applet_io_handler(struct appctx *appctx)
                                                        channel_add_input(req, data);
                                                } else {
                                                        struct htx_ret ret;
+                                                       size_t data = htx->data;
 
                                                        ret = htx_xfer_blks(htx, hc_htx, htx_used_space(hc_htx), HTX_BLK_UNUSED);
-                                                       channel_add_input(req, ret.ret);
+                                                       data = htx->data - data;
+                                                       channel_add_input(req, data);
 
                                                        /* we must copy the EOM if we empty the buffer */
                                                        if (htx_is_empty(hc_htx)) {