BUG/MEDIUM: httpclient: limit transfers to the maximum available room

A bug was uncovered by commit fc5912914 ("MINOR: httpclient: Don't limit
data transfer to 1024 bytes"), it happens that callers of b_xfer() and
b_force_xfer() are expected to check for available room in the target
buffer. Previously it was unlikely to be full but now with full buffer-
sized transfers, it happens more often and in practice it is possible
to crash the process with the debug command "httpclient" on the CLI by
going beyond a the max buffer size. Other call places ought to be
rechecked by now and it might be time to rethink this API if it tends
to generalize.

This must be backported to 2.5.

diff --git a/src/http_client.c b/src/http_client.c
index d2e23fff50bd4aaa9045180932523a882a19c9ba..f2b60ae2fb5deb1bf8b2e6d44482058e49912df2 100644 (file)
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -352,9 +352,10 @@ error:
  */
 int httpclient_res_xfer(struct httpclient *hc, struct buffer *dst)
 {
+       size_t room = b_room(dst);
        int ret;
 
-       ret = b_force_xfer(dst, &hc->res.buf, b_data(&hc->res.buf));
+       ret = b_force_xfer(dst, &hc->res.buf, MIN(room, b_data(&hc->res.buf)));
        /* call the client once we consumed all data */
        if (!b_data(&hc->res.buf)) {
                b_free(&hc->res.buf);