From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 11 Dec 2023 20:55:32 +0000 (+0100)
Subject: BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
X-Git-Tag: v3.0-dev1~98
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eed1e8733c279cda0b6a2db574ead4e0238177f6;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding

During zero-copy forwarding, we first try to forward data found in the input
buffer before trying to receive more data. These data must be removed from
the amount of data to forward (the cound variable).

Otherwise, on an internal retry, in h1_fastfwd(), we can be lead to read
more data than expected. It is especially a problem on the end of a
chunk. An error is erroneously reported because more data than announced are
received.

This patch should fix the issue #2382. It must be backported to 2.9.
---

diff --git a/src/mux_h1.c b/src/mux_h1.c
index d2acee6a36..cb70b84b4b 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -4633,6 +4633,7 @@ static int h1_fastfwd(struct stconn *sc, unsigned int count, unsigned int flags)
 	}
 
 	total += sdo->iobuf.data;
+	count -= sdo->iobuf.data;
 #if defined(USE_LINUX_SPLICE)
 	if (sdo->iobuf.pipe) {
 		/* Here, not data was xferred */