From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 3 Jun 2024 15:46:16 +0000 (+0200)
Subject: BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless
X-Git-Tag: v3.1-dev1~76
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c84ee71f77616f569081060d81455c137fc13f5;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless

Interim responses are by definition bodyless. But we must not set the
corresponding HTX start-line flag, beecause the start-line of the final
response is still expected. Setting the flag above too early may lead the
multiplexer on the sending side to consider the message is finished after
the headers of the interim message.

It happens with the H2 multiplexer on frontend side if a "100-Continue" is
received from the server. The interim response is sent and
HTX_SL_F_BODYLESS_RESP flag is evaluated. Then, the headers of the final
response are sent with ES flag, because HTX_SL_F_BODYLESS_RESP flag was seen
too early, leading to a protocol error if the response has a body.

Thanks to grembo for this analysis.

This patch should fix the issue #2587. It must be backported as far as 2.9.
---

diff --git a/src/h1_htx.c b/src/h1_htx.c
index f4f13fc129..562c0f2b6f 100644
--- a/src/h1_htx.c
+++ b/src/h1_htx.c
@@ -295,7 +295,8 @@ static int h1_postparse_res_hdrs(struct h1m *h1m, union h1_sl *h1sl, struct htx
 		/* Responses known to have no body. */
 		h1m->flags |= H1_MF_XFER_LEN;
 		h1m->curr_len = h1m->body_len = 0;
-		flags |= HTX_SL_F_BODYLESS_RESP;
+		if (code >= 200)
+			flags |= HTX_SL_F_BODYLESS_RESP;
 	}
 	else if (h1m->flags & (H1_MF_CLEN|H1_MF_CHNK)) {
 		/* Responses with a known body length. */