From: Frédéric Lécaille Date: Wed, 15 Dec 2021 21:38:48 +0000 (+0100) Subject: MINOR: hq_interop: Stop BUG_ON() truncated streams X-Git-Tag: v2.6-dev1~268 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=afd373c23237f4b1c8af73e1f6db86d847788272;p=thirdparty%2Fhaproxy.git MINOR: hq_interop: Stop BUG_ON() truncated streams This is required if we do not want to make haproxy crash during zerortt interop runner test which makes a client open multiple streams with long request paths. --- diff --git a/src/hq_interop.c b/src/hq_interop.c index 9af937f700..8271196060 100644 --- a/src/hq_interop.c +++ b/src/hq_interop.c @@ -17,23 +17,48 @@ static int hq_interop_decode_qcs(struct qcs *qcs, int fin, void *ctx) struct conn_stream *cs; struct buffer htx_buf = BUF_NULL; struct ist path; - char *ptr; + char *ptr = b_head(rxbuf); + char *end = b_wrap(rxbuf); + size_t size = b_size(rxbuf); + size_t data = b_data(rxbuf); b_alloc(&htx_buf); htx = htx_from_buf(&htx_buf); /* skip method */ - ptr = b_orig(rxbuf); - while (HTTP_IS_TOKEN(*ptr)) - ++ptr; - BUG_ON(!HTTP_IS_SPHT(*ptr)); - ++ptr; + while (data && HTTP_IS_TOKEN(*ptr)) { + if (++ptr == end) + ptr -= size; + data--; + } + + if (!data || !HTTP_IS_SPHT(*ptr)) { + fprintf(stderr, "truncated stream\n"); + return 0; + } + + if (++ptr == end) + ptr -= size; + + if (!--data) { + fprintf(stderr, "truncated stream\n"); + return 0; + } /* extract path */ BUG_ON(HTTP_IS_LWS(*ptr)); path.ptr = ptr; - while (!HTTP_IS_LWS(*ptr)) - ++ptr; + while (data && !HTTP_IS_LWS(*ptr)) { + if (++ptr == end) + ptr -= size; + data--; + } + + if (!data) { + fprintf(stderr, "truncated stream\n"); + return 0; + } + BUG_ON(!HTTP_IS_LWS(*ptr)); path.len = ptr - path.ptr;