From 9962f8fc44dc9033ee076073c49bb826679d027b Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 28 Jun 2016 11:52:08 +0200 Subject: [PATCH] BUG/MEDIUM: http: unbreak uri/header/url_param hashing Vedran Furac reported that "balance uri" doesn't work anymore in recent 1.7-dev versions. Dragan Dosen found that the first faulty commit was dbe34eb ("MEDIUM: filters/http: Move body parsing of HTTP messages in dedicated functions"), merged in 1.7-dev2. After this patch, the hashing is performed on uninitialized data, indicating that the buffer is not correctly rewound. In fact, all forms of content-based hashing are broken since the commit above. Upon code inspection, it appears that the new functions http_msg_forward_chunked_body() and http_msg_forward_body() forget to rewind the buffer in the success case, when the parser changes to state HTTP_MSG_DONE. The rewinding code was reinserted in both functions and the fix was confirmed by two test, with and without chunking. No backport it needed. --- src/proto_http.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/proto_http.c b/src/proto_http.c index bab3db5d8e..ef5a15ccbc 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -6853,6 +6853,9 @@ http_msg_forward_body(struct stream *s, struct http_msg *msg) if (msg->next) goto waiting; + if (unlikely(!(chn->flags & CF_WROTE_DATA) || msg->sov > 0)) + msg->sov -= ret; + FLT_STRM_DATA_CB(s, chn, flt_http_end(s, msg), /* default_ret */ 1, /* on_error */ goto error, @@ -6968,6 +6971,9 @@ http_msg_forward_chunked_body(struct stream *s, struct http_msg *msg) if (msg->next) goto waiting; + if (unlikely(!(chn->flags & CF_WROTE_DATA) || msg->sov > 0)) + msg->sov -= ret; + FLT_STRM_DATA_CB(s, chn, flt_http_end(s, msg), /* default_ret */ 1, /* on_error */ goto error, -- 2.39.5