From: Christopher Faulet Date: Wed, 1 Mar 2023 15:04:23 +0000 (+0100) Subject: BUG/MINOR: mxu-h1: Report a parsing error on abort with pending data X-Git-Tag: v2.8-dev5~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91ff70954204f73b2e901b765bc5d7fd1dc2ce56;p=thirdparty%2Fhaproxy.git BUG/MINOR: mxu-h1: Report a parsing error on abort with pending data When an abort is detected before all headers were received, and if there are pending incoming data, we must report a parsing error instead of a connection abort. This way it will be able to be handled as an invalid message by HTTP analyzers instead of an early abort with no message. It is especially important to be accurate on L7 retry. Indeed, without this fix, this case will be handle by the "empty-response" retries policy while a retry on "junk-response" is more accurate. This patch must be backported to 2.7. --- diff --git a/src/mux_h1.c b/src/mux_h1.c index 7517d92f97..4b071f80ba 100644 --- a/src/mux_h1.c +++ b/src/mux_h1.c @@ -1912,9 +1912,16 @@ static size_t h1_process_demux(struct h1c *h1c, struct buffer *buf, size_t count se_fl_set(h1s->sd, SE_FL_EOI); TRACE_STATE("report EOI to SE", H1_EV_RX_DATA, h1c->conn, h1s); } - else if (h1m->state < H1_MSG_DONE && (h1m->state != H1_MSG_RPBEFORE || b_data(&h1c->ibuf))) { - se_fl_set(h1s->sd, SE_FL_ERROR); - TRACE_ERROR("message aborted, set error on SC", H1_EV_RX_DATA|H1_EV_H1S_ERR, h1c->conn, h1s); + else if (h1m->state < H1_MSG_DONE) { + if (h1m->state > H1_MSG_LAST_LF) { + se_fl_set(h1s->sd, SE_FL_ERROR); + TRACE_ERROR("message aborted, set error on SC", H1_EV_RX_DATA|H1_EV_H1S_ERR, h1c->conn, h1s); + } + else if (b_data(&h1c->ibuf)) { + htx->flags |= HTX_FL_PARSING_ERROR; + TRACE_ERROR("truncated message, set error on SC", H1_EV_RX_DATA|H1_EV_H1S_ERR, h1c->conn, h1s); + } + /* Otherwise (no data was never received) don't report any error just EOS */ } if (h1s->flags & H1S_F_TX_BLK) {