From: Willy Tarreau <w@1wt.eu>
Date: Mon, 14 Oct 2013 20:41:30 +0000 (+0200)
Subject: BUG/MEDIUM: http: accept full buffers on smp_prefetch_http
X-Git-Tag: v1.5-dev20~261
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=472b1ee115f45129ea3fc19e26f85b3ec9715abe;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: http: accept full buffers on smp_prefetch_http

Bertrand Jacquin reported a but when using tcp_request content rules
on large POST HTTP requests. The issue is that smp_prefetch_http()
first tries to validate an input buffer, but only if the buffer is
not full. This test is wrong since it must only be performed after
the parsing has failed, otherwise we don't accept POST requests which
fill the buffer as valid HTTP requests.

This bug is 1.5-specific, no backport needed.
---

diff --git a/src/proto_http.c b/src/proto_http.c
index 5e10ba2bf8..0e9e429c57 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -8927,10 +8927,8 @@ smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int op
 			buffer_slow_realign(s->req->buf);
 
 		if (unlikely(txn->req.msg_state < HTTP_MSG_BODY)) {
-			if ((msg->msg_state == HTTP_MSG_ERROR) ||
-			    buffer_full(s->req->buf, global.tune.maxrewrite)) {
+			if (msg->msg_state == HTTP_MSG_ERROR)
 				return 0;
-			}
 
 			/* Try to decode HTTP request */
 			if (likely(msg->next < s->req->buf->i))