From: Remi Tricot-Le Breton Date: Tue, 21 Feb 2023 16:42:04 +0000 (+0100) Subject: BUG/MINOR: cache: Check cache entry is complete in case of Vary X-Git-Tag: v2.8-dev5~141 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=25917cdb12412378a80e755ffc18b5cb67c36fd2;p=thirdparty%2Fhaproxy.git BUG/MINOR: cache: Check cache entry is complete in case of Vary Before looking for a secondary cache entry for a given request we checked that the first entry was complete, which might prevent us from using a valid entry if the first one with the same primary key is not full yet. Likewise, if the primary entry is complete but not the secondary entry we try to use, we might end up using a partial entry from the cache as a response. This bug was raised in GitHub #2048. It can be backported up to branch 2.4. --- diff --git a/src/cache.c b/src/cache.c index c7a231bbeb..9683c088af 100644 --- a/src/cache.c +++ b/src/cache.c @@ -1802,8 +1802,10 @@ enum act_return http_action_req_cache_use(struct act_rule *rule, struct proxy *p shctx_lock(shctx_ptr(cache)); res = entry_exist(cache, s->txn->cache_hash); - /* We must not use an entry that is not complete. */ - if (res && res->complete) { + /* We must not use an entry that is not complete but the check will be + * performed after we look for a potential secondary entry (in case of + * Vary). */ + if (res) { struct appctx *appctx; entry_block = block_ptr(res); shctx_row_inc_hot(shctx_ptr(cache), entry_block); @@ -1830,9 +1832,11 @@ enum act_return http_action_req_cache_use(struct act_rule *rule, struct proxy *p res = NULL; } - /* We looked for a valid secondary entry and could not find one, - * the request must be forwarded to the server. */ - if (!res) { + /* We either looked for a valid secondary entry and could not + * find one, or the entry we want to use is not complete. We + * can't use the cache's entry and must forward the request to + * the server. */ + if (!res || !res->complete) { shctx_lock(shctx_ptr(cache)); shctx_row_dec_hot(shctx_ptr(cache), entry_block); shctx_unlock(shctx_ptr(cache));