From: Willy Tarreau
Date: Thu, 17 Apr 2014 09:40:10 +0000 (+0200)
Subject: MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer
X-Git-Tag: v1.5-dev23~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0669d7dcf3c8193f35798d07b81d5db50bd392ec;p=thirdparty%2Fhaproxy.git
MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer
This function is only a parser, it must start to parse at the next character and only update the outgoing relative pointers, but not expect the buffer to be aligned with the next byte to be parsed. It's important to fix this otherwise we cannot use this function to parse chunks without starting to forward data.
---
diff --git a/src/proto_http.c b/src/proto_http.c
index 4c78af8141..943439cbe4 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -2123,7 +2123,7 @@ static inline int http_skip_chunk_crlf(struct http_msg *msg)
 * against the correct length.
 */
 bytes = 1;
- ptr = buf->p;
+ ptr = b_ptr(buf, msg->next);
 if (*ptr == '\r') {
 bytes++;
 ptr++;
@@ -2131,7 +2131,7 @@ static inline int http_skip_chunk_crlf(struct http_msg *msg)
 ptr = buf->data;
 }
- if (bytes > buf->i)
+ if (msg->next + bytes > buf->i)
 return 0;
 if (*ptr != '\n') {
@@ -2143,7 +2143,8 @@ static inline int http_skip_chunk_crlf(struct http_msg *msg)
 if (unlikely(ptr >= buf->data + buf->size))
 ptr = buf->data;
 /* prepare the CRLF to be forwarded (->sov) */
- msg->sov = msg->next = bytes;
+ msg->sov += bytes;
+ msg->next += bytes;
 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
 return 1;
 }
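Review bot: The switch from `msg->sov = msg->next = bytes;` to `+=` in the third hunk changes what the function expects from its callers: both fields must already hold valid offsets relative to `buf->p` on entry, and the second hunk's `msg->next + bytes > buf->i` check depends on the same thing. No caller is touched in this diff, so presumably every existing call site enters with the offsets it wants accumulated; that is worth confirming, because an error here shifts where the next chunk size is parsed, and chunk-framing disagreements between parsers are the root of request-smuggling bugs. I would state the precondition in the function's header comment, which lies outside the hunks, e.g. `/* msg->next must point to the expected CRLF relative to buf->p; msg->sov and msg->next are advanced by the bytes consumed, the buffer itself is not */`. The commit title also names `http_parse_chunk_crlf()` while the patched function is `http_skip_chunk_crlf()`.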