BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing

When the destination buffer is full while there are still data to parse, the
h1s must be marked as congested to be able to restart the parsing
later. This work on headers and data parsing. But on trailers parsing, we
fail to do so when the buffer is full before to parse the trailers. In this
case, we skip the trailers parsing but the h1s is not marked as
congested. This is important to be sure to wake up the mux to restart the
parsing when some room is made in the buffer.

Because of this bug, the message processing may hang till a timeout is
triggered. Note that for 2.3 and 2.2, the EOM processing is buggy too, for
the same reason. It should be fixed too on these versions. On the 2.0, only
trailers parsing is affected.

This patch must be backported as far as 2.0. On 2.3 and 2.2, the EOM parsing
must be fixed too.

diff --git a/src/mux_h1.c b/src/mux_h1.c
index 886caaaa7a369b5a17983315ae717412ee2a1894..1459fadfab0827155c437e2c9aa92eee78c9fc34 100644 (file)
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -1666,7 +1666,7 @@ static size_t h1_handle_trailers(struct h1s *h1s, struct h1m *h1m, struct htx *h
                        TRACE_ERROR("parsing error, reject H1 message", H1_EV_RX_DATA|H1_EV_RX_TLRS|H1_EV_H1S_ERR, h1s->h1c->conn, h1s);
                        h1_capture_bad_message(h1s->h1c, h1s, h1m, buf);
                }
-               else if (ret == -2) {
+               else if (ret == -2 || b_data(buf) != *ofs) {
                        TRACE_STATE("RX path congested, waiting for more space", H1_EV_RX_DATA|H1_EV_RX_TLRS|H1_EV_H1S_BLK, h1s->h1c->conn, h1s);
                        h1s->flags |= H1S_F_RX_CONGESTED;
                }