From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 20 Dec 2019 14:59:20 +0000 (+0100)
Subject: BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
X-Git-Tag: v2.2-dev1~157
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eec7f8ac01cb744bc30f50327dd989b4763e0205;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream

With a TCP frontend, it is possible to upgrade a connection to HTTP when the
backend is in HTTP mode. Concretly the upgrade install a new mux. So, once it is
done, the downgrade to TCP is no longer possible. So we must take care to never
assign a TCP backend to a stream on this connection. Otherwise, HAProxy crashes
because raw data from the server are handled as structured data on the client
side.

This patch fixes the issue #420. It must be backported to all versions
supporting the HTX.
---

diff --git a/src/proxy.c b/src/proxy.c
index 838722d1e1..a5570dafa0 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -1477,6 +1477,14 @@ int stream_set_backend(struct stream *s, struct proxy *be)
 				s->flags |= SF_HTX;
 			}
 		}
+		else if (IS_HTX_STRM(s) && be->mode != PR_MODE_HTTP) {
+			/* If a TCP backend is assgiend to an HTX stream, return
+			 * an error. It may happens for a new stream on a
+			 * previously upgraded connnections. */
+			if (!(s->flags & SF_ERR_MASK))
+				s->flags |= SF_ERR_INTERNAL;
+			return 0;
+		}
 
 		/* we may request to parse a request body */
 		if (be->options & PR_O_WREQ_BODY)