[BUG] http: fix truncated responses on chunk encoding when size divides buffer size

Bernhard Krieger reported truncated HTTP responses in presence of some
specific chunk-encoded data, and kindly offered complete traces of the
issue which made it easy to reproduce it.

Those traces showed that the chunks were of exactly 8192 bytes, chunk
size and CRLF included, which was exactly half the size of the buffer.
In this situation, the function http_chunk_skip_crlf() could erroneously
try to parse a CRLF after the chunk believing there were more data
pending, because the number of bytes present in the buffer was considered
instead of the number of remaining bytes to be parsed.

diff --git a/src/proto_http.c b/src/proto_http.c
index f1ec7cd84f081ee2e782b76834cb8804ba3a34b6..694e98dc5e9cd71c2ed5e4b8a6b825268e876b8c 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -2245,7 +2245,7 @@ int http_skip_chunk_crlf(struct buffer *buf, struct http_msg *msg)
                        ptr = buf->data;
        }
 
-       if (buf->l < bytes)
+       if (bytes > buf->l - buf->send_max)
                return 0;
 
        if (*ptr != '\n')