BUG/MEDIUM: mux-fcgi: Truly drain outgoing HTX data when the stream is closed

When we try to send data to the server and the stream is closed (in error,
in half-closed state or fully closed), remaining data must be drained. This
way the upper stream is able to properly handle the stream close.

However, there was a bug here. The mux claimed to have consumed these data
without draining them from the buffer. So the upper stream will try to send
these data in loop. Because of this bug, it is possible to trigger the
watchdog with a bogus stream.

This patch should fix the issue #3425. It must be backported to all
supported versions.

diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c
index d882a82883c8bdb3cff6ad91a200fb1a951d879a..f3a9b9d2cb6f0f041a320b58bd57da833e049909 100644 (file)
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@@ -4242,11 +4242,14 @@ static size_t fcgi_snd_buf(struct stconn *sc, struct buffer *buf, size_t count,
 
   done:
        if (fstrm->state >= FCGI_SS_HLOC) {
+               struct htx_ret htxret;
+
                /* trim any possibly pending data after we close (extra CR-LF,
                 * unprocessed trailers, abnormal extra data, ...)
                 */
-               total += count;
-               count = 0;
+               htxret = htx_drain(htx, count);
+               total += htxret.ret;
+               count -= htxret.ret;
        }
 
        if (fstrm->state == FCGI_SS_ERROR) {