From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 29 Mar 2021 09:09:45 +0000 (+0200)
Subject: BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv
X-Git-Tag: v2.4-dev15~69
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=50623029f8171f7f499529f8002d3093fca12667;p=thirdparty%2Fhaproxy.git

BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv

In payload() and payload_lv() sample fetches, if the buffer is empty, we
must wait for more data by setting SMP_F_MAY_CHANGE flag on the sample.
Otherwise, when it happens in an ACL, nothing is returned (because the
buffer is empty) and the ACL is considered as finished (success or failure
depending on the test).

As a workaround, the buffer length may be tested first. For instance :

    tcp-request inspect-delay 1s
    tcp-request content reject unless { req.len gt 0 } { req.payload(0,0),fix_is_valid }

instead of :

    tcp-request inspect-delay 1s
    tcp-request content reject if ! { req.payload(0,0),fix_is_valid }

This patch must be backported as far as 2.2.
---

diff --git a/src/payload.c b/src/payload.c
index f867541bc5..26994cff1a 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -984,7 +984,7 @@ smp_fetch_payload_lv(const struct arg *arg_p, struct sample *smp, const char *kw
 	}
 	max = global.tune.bufsize;
 	if (!head)
-		return 0;
+		goto too_short;
 
 	if (len_offset + len_size > data)
 		goto too_short;
@@ -1046,7 +1046,7 @@ smp_fetch_payload(const struct arg *arg_p, struct sample *smp, const char *kw, v
 	}
 	max = global.tune.bufsize;
 	if (!head)
-		return 0;
+		goto too_short;
 
 	if (buf_size > max || buf_offset + buf_size > max) {
 		/* will never match */