MINOR: mux-h1: Stop zero-copy forwarding during nego for too big requested size
authorChristopher Faulet <cfaulet@haproxy.com>
Thu, 25 Jan 2024 13:57:17 +0000 (14:57 +0100)
committerChristopher Faulet <cfaulet@haproxy.com>
Wed, 7 Feb 2024 14:04:41 +0000 (15:04 +0100)
During the zero-copy forwarding negotiation, when the requested size is
exact, we are now able to check whether it is bigger than the expected one.
If it is indeed bigger than expected, zero-copy forwarding is
disabled; the error will be triggered later on the normal sending path.

src/mux_h1.c

index a08d08520f89e6093bba9d57b9697edc2a2ea0a4..6f6b95e060767bf0c4a3be3bc049c7cb59386076 100644 (file)
@@ -4460,13 +4460,24 @@ static size_t h1_nego_ff(struct stconn *sc, struct buffer *input, size_t count,
                goto out;
        }
 
-       /* TODO: add check on curr_len if CLEN */
-
-       if (h1m->flags & H1_MF_CHNK) {
+       if (h1m->flags & H1_MF_CLEN) {
+               if ((flags & NEGO_FF_FL_EXACT_SIZE) && count > h1m->curr_len) {
+                       TRACE_ERROR("more payload than announced", H1_EV_STRM_SEND|H1_EV_STRM_ERR, h1c->conn, h1s);
+                       h1s->sd->iobuf.flags |= IOBUF_FL_NO_FF;
+                       goto out;
+               }
+       }
+       else if (h1m->flags & H1_MF_CHNK) {
                if (h1m->curr_len) {
                        BUG_ON(h1m->state != H1_MSG_DATA);
-                       if (count > h1m->curr_len)
+                       if (count > h1m->curr_len) {
+                               if ((flags & NEGO_FF_FL_EXACT_SIZE) && count > h1m->curr_len) {
+                                       TRACE_ERROR("chunk bigger than announced", H1_EV_STRM_SEND|H1_EV_STRM_ERR, h1c->conn, h1s);
+                                       h1s->sd->iobuf.flags |= IOBUF_FL_NO_FF;
+                                       goto out;
+                               }
                                count = h1m->curr_len;
+                       }
                }
                else {
                        BUG_ON(h1m->state != H1_MSG_CHUNK_CRLF && h1m->state != H1_MSG_CHUNK_SIZE);
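Review bot: In the chunked branch the inner test `(flags & NEGO_FF_FL_EXACT_SIZE) && count > h1m->curr_len` repeats the comparison already established by the enclosing `if (count > h1m->curr_len)`, so it can be reduced to `if (flags & NEGO_FF_FL_EXACT_SIZE) {`. Both new error paths only set `IOBUF_FL_NO_FF` and jump to `out`, leaving the normal send path to reject the oversized payload, as the commit message says. A comment above each, such as `/* more data than announced: disable fast-forwarding, the regular send path reports the framing error */`, would make that dependency explicit, because a length mismatch that slipped through would be a message-framing problem. In the `H1_MF_CLEN` branch, `count` is not clamped to `h1m->curr_len` when `NEGO_FF_FL_EXACT_SIZE` is unset, unlike in the chunked branch. This may be handled later in `h1_nego_ff`, whose body starts and ends outside the hunk, but it is worth confirming.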