From: Christopher Faulet Date: Wed, 20 Oct 2021 11:53:38 +0000 (+0200) Subject: BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors X-Git-Tag: v2.5-dev11~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d16e7dd0e4cf07c9731a1a1c288d003a9f84d1b5;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors When an HTTP response is parsed, early parsing errors are not properly handled. When this error is reported by the multiplexer, nothing is copied into the input buffer. The HTX message remains empty but the HTX_FL_PARSING_ERROR flag is set. In addition CS_FL_EOI is set on the conn-stream. This last flag must be handled to prevent subscription for receive events. Otherwise, in the best case, a L7 timeout error is reported. But a transient loop is also possible if a shutdown is received because the multiplexer notifies the check of the event while the check never handles it and waits for more data. Now, if CS_FL_EOI flag is set on the conn-stream, expect rules are evaluated. Any error must be handled there. Thanks to @kazeburo for his valuable report. This patch should fix the issue #1420. It must be backported at least to 2.4. On 2.3 and 2.2, there is no loop but the wrong error is reported (empty response instead of invalid one). Thus it may also be backported as far as 2.2. --- diff --git a/src/tcpcheck.c b/src/tcpcheck.c index b782796732..133dfe5c09 100644 --- a/src/tcpcheck.c +++ b/src/tcpcheck.c @@ -1594,6 +1594,10 @@ enum tcpcheck_eval_ret tcpcheck_eval_recv(struct check *check, struct tcpcheck_r goto stop; } if (!cur_read) { + if (cs->flags & CS_FL_EOI) { + /* If EOI is set, it means there is a response or an error */ + goto out; + } if (!(cs->flags & (CS_FL_WANT_ROOM|CS_FL_ERROR|CS_FL_EOS))) { conn->mux->subscribe(cs, SUB_RETRY_RECV, &check->wait_list); TRACE_DEVEL("waiting for response", CHK_EV_RX_DATA, check);