From 6cdaf2ad9a73f3b319cac409c7116ab090342049 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Tue, 12 Feb 2019 14:29:57 +0100 Subject: [PATCH] BUG/MEDIUM: proto_htx: Fix data size update if end of the cookie is removed When client-side or server-side cookies are parsed, if the end of the cookie line is removed, the HTX message must be updated. The length of the HTX block is decreased and the data size of the HTX message is modified accordingly. The update of the HTX block was ok but the update of the HTX message was wrong, leading to undefined behaviours during the data forwarding. One of possible effect was a freeze of the connection and no data forward. This patch must be backported in 1.9. --- src/proto_htx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/proto_htx.c b/src/proto_htx.c index 9e285f216a..59b7cb2738 100644 --- a/src/proto_htx.c +++ b/src/proto_htx.c @@ -4281,7 +4281,7 @@ static void htx_manage_client_side_cookies(struct stream *s, struct channel *req if ((hdr_end - hdr_beg) != ctx.value.len) { if (hdr_beg != hdr_end) { htx_set_blk_value_len(ctx.blk, hdr_end - hdr_beg); - htx->data -= (hdr_end - ctx.value.ptr); + htx->data -= ctx.value.len - (hdr_end - hdr_beg); } else http_remove_header(htx, &ctx); @@ -4460,9 +4460,9 @@ static void htx_manage_server_side_cookies(struct stream *s, struct channel *res next += stripped_before; hdr_end += stripped_before; + htx_set_blk_value_len(ctx.blk, hdr_end - hdr_beg); + htx->data -= ctx.value.len - (hdr_end - hdr_beg); ctx.value.len = hdr_end - hdr_beg; - htx_set_blk_value_len(ctx.blk, ctx.value.len); - htx->data -= (hdr_end - ctx.value.ptr); } /* First, let's see if we want to capture this cookie. We check -- 2.47.3