From: Willy Tarreau <w@1wt.eu>
Date: Tue, 28 Jun 2016 09:52:08 +0000 (+0200)
Subject: BUG/MEDIUM: http: unbreak uri/header/url_param hashing
X-Git-Tag: v1.7-dev4~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9962f8fc;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: http: unbreak uri/header/url_param hashing

Vedran Furac reported that "balance uri" doesn't work anymore in recent
1.7-dev versions. Dragan Dosen found that the first faulty commit was
dbe34eb ("MEDIUM: filters/http: Move body parsing of HTTP messages in
dedicated functions"), merged in 1.7-dev2.

After this patch, the hashing is performed on uninitialized data,
indicating that the buffer is not correctly rewound. In fact, all forms
of content-based hashing are broken since the commit above. Upon code
inspection, it appears that the new functions http_msg_forward_chunked_body()
and http_msg_forward_body() forget to rewind the buffer in the success
case, when the parser changes to state HTTP_MSG_DONE. The rewinding code
was reinserted in both functions and the fix was confirmed by two test,
with and without chunking.

No backport it needed.
---

diff --git a/src/proto_http.c b/src/proto_http.c
index bab3db5d8e..ef5a15ccbc 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -6853,6 +6853,9 @@ http_msg_forward_body(struct stream *s, struct http_msg *msg)
 	if (msg->next)
 		goto waiting;
 
+	if (unlikely(!(chn->flags & CF_WROTE_DATA) || msg->sov > 0))
+		msg->sov -= ret;
+
 	FLT_STRM_DATA_CB(s, chn, flt_http_end(s, msg),
 			 /* default_ret */ 1,
 			 /* on_error    */ goto error,
@@ -6968,6 +6971,9 @@ http_msg_forward_chunked_body(struct stream *s, struct http_msg *msg)
 	if (msg->next)
 		goto waiting;
 
+	if (unlikely(!(chn->flags & CF_WROTE_DATA) || msg->sov > 0))
+		msg->sov -= ret;
+
 	FLT_STRM_DATA_CB(s, chn, flt_http_end(s, msg),
 		    /* default_ret */ 1,
 		    /* on_error    */ goto error,