From 0669d7dcf3c8193f35798d07b81d5db50bd392ec Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 17 Apr 2014 11:40:10 +0200 Subject: [PATCH] MEDIUM: http: http_parse_chunk_crlf() must not advance the buffer pointer This function is only a parser, it must start to parse at the next character and only update the outgoing relative pointers, but not expect the buffer to be aligned with the next byte to be parsed. It's important to fix this otherwise we cannot use this function to parse chunks without starting to forward data. --- src/proto_http.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index 4c78af8141..943439cbe4 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -2123,7 +2123,7 @@ static inline int http_skip_chunk_crlf(struct http_msg *msg) * against the correct length. */ bytes = 1; - ptr = buf->p; + ptr = b_ptr(buf, msg->next); if (*ptr == '\r') { bytes++; ptr++; @@ -2131,7 +2131,7 @@ static inline int http_skip_chunk_crlf(struct http_msg *msg) ptr = buf->data; } - if (bytes > buf->i) + if (msg->next + bytes > buf->i) return 0; if (*ptr != '\n') { @@ -2143,7 +2143,8 @@ static inline int http_skip_chunk_crlf(struct http_msg *msg) if (unlikely(ptr >= buf->data + buf->size)) ptr = buf->data; /* prepare the CRLF to be forwarded (->sov) */ - msg->sov = msg->next = bytes; + msg->sov += bytes; + msg->next += bytes; msg->msg_state = HTTP_MSG_CHUNK_SIZE; return 1; } -- 2.47.3