From: Willy Tarreau Date: Wed, 17 Mar 2010 14:54:24 +0000 (+0100) Subject: [BUG] http: fix truncated responses on chunk encoding when size divides buffer size X-Git-Tag: v1.4.2~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bf3f1de5b58aa77c2a3da4e143d5a7b2f1056b53;p=thirdparty%2Fhaproxy.git [BUG] http: fix truncated responses on chunk encoding when size divides buffer size Bernhard Krieger reported truncated HTTP responses in presence of some specific chunk-encoded data, and kindly offered complete traces of the issue which made it easy to reproduce it. Those traces showed that the chunks were of exactly 8192 bytes, chunk size and CRLF included, which was exactly half the size of the buffer. In this situation, the function http_chunk_skip_crlf() could erroneously try to parse a CRLF after the chunk believing there were more data pending, because the number of bytes present in the buffer was considered instead of the number of remaining bytes to be parsed. --- diff --git a/src/proto_http.c b/src/proto_http.c index f1ec7cd84f..694e98dc5e 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -2245,7 +2245,7 @@ int http_skip_chunk_crlf(struct buffer *buf, struct http_msg *msg) ptr = buf->data; } - if (buf->l < bytes) + if (bytes > buf->l - buf->send_max) return 0; if (*ptr != '\n')