From: Christopher Faulet <cfaulet@haproxy.com>
Date: Tue, 5 Dec 2023 08:21:38 +0000 (+0100)
Subject: BUG/MEDIUM: peers: fix partial message decoding
X-Git-Tag: v2.9.0~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7777bbf79352e6670eab0b6afbebded6fbc6bdb;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: peers: fix partial message decoding

peer_recv_msg() may return because the message is incomplete without
checking if a shutdown is pending for the SC. The function relies on
co_getblk() to detect shutdowns. However, the message length decoding may be
interrupted if the multi-bytes integer is incomplete. In this case, the SC
is not check for shutdowns.

When this happens, this leads to an appctx spinning loop.

This patch should fix the issue #2373. It must be backported to 2.8.
---

diff --git a/src/peers.c b/src/peers.c
index 23affa127b..5eefd1830e 100644
--- a/src/peers.c
+++ b/src/peers.c
@@ -2455,7 +2455,7 @@ static inline int peer_recv_msg(struct appctx *appctx, char *msg_head, size_t ms
 	return 1;
 
  incomplete:
-	if (reql < 0) {
+	if (reql < 0 || (sc->flags & (SC_FL_SHUT_DONE|SC_FL_SHUT_WANTED))) {
 		/* there was an error or the message was truncated */
 		appctx->st0 = PEER_SESS_ST_END;
 		return -1;