BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built

When an H2 request is converted into an HTX message, All cookie headers are
grouped into one, each value separated by a semicolon (;). To do so, we add the
header "cookie" with the first value and then we update the value by appending
other cookies. But during this operation, only the size of the HTX block is
updated. And not the data length of the whole HTX message.

It is an old bug and it seems to work by chance till now. But it may lead to
undefined behaviour by time to time.

This patch must be backported to 2.0 and 1.9

diff --git a/src/h2.c b/src/h2.c
index 9681aca53205b667f8b7d1ddfb0e47eca1b222d9..32c1ef16be8042c03fa4fb95fdff0591519cf506 100644 (file)
--- a/src/h2.c
+++ b/src/h2.c
@@ -737,6 +737,7 @@ int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *ms
                                goto fail;
 
                        htx_set_blk_value_len(blk, tl);
+                       htx->data += vl+2;
                        *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';';
                        *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' ';
                        memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl);