From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 19 Apr 2019 12:12:27 +0000 (+0200)
Subject: BUG/MEDIUM: h1: Don't parse chunks CRLF if not enough data are available
X-Git-Tag: v2.0-dev3~211
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22c57bef56f7261c57d68e330e82f5de43f1de5b;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: h1: Don't parse chunks CRLF if not enough data are available

As specified in the function comment, the function h1_skip_chunk_crlf() must not
change anything and return zero if not enough data are available. This must
include the case where there is no data at all. On this point, it must do the
same that other h1 parsing functions. This bug is made visible since the commit
91f77d599 ("BUG/MINOR: mux-h1: Process input even if the input buffer is
empty").

This patch must be backported to 1.9.
---

diff --git a/include/common/h1.h b/include/common/h1.h
index b36f6fa041..0d652e7bbb 100644
--- a/include/common/h1.h
+++ b/include/common/h1.h
@@ -202,6 +202,9 @@ static inline int h1_skip_chunk_crlf(const struct buffer *buf, int start, int st
 	const char *ptr = b_peek(buf, start);
 	int bytes = 1;
 
+	if (stop <= start)
+		return 0;
+
 	/* NB: we'll check data availability at the end. It's not a
 	 * problem because whatever we match first will be checked
 	 * against the correct length.