BUG/MEDIUM: stconn: Don't perform L7 retries with large buffer

L7 retries are buggy when a large buffer is used on the request channel. A
memcpy is used to copy data from the request buffer into the L7 buffer. The
L7 buffer is for now always a standard buffer. So if a larger buffer is
used, this leads to a buffer overflow and crash the process.

The Best way to fix the issue is to disable L7 retries when a large buffer
was allocated for the request channel. In that case, we don't want to
allocate an extra large buffer.

No backport needed.

diff --git a/src/stconn.c b/src/stconn.c
index 137d8646f9a7dc8bad7f0838c53a1912f0c05870..8d5dfeade6eee541422fc777f7d2870376090a96 100644 (file)
--- a/src/stconn.c
+++ b/src/stconn.c
@@ -1493,7 +1493,7 @@ int sc_conn_send(struct stconn *sc)
                         * disable the l7 retries by setting
                         * l7_conn_retries to 0.
                         */
-                       if (s->txn->req.msg_state != HTTP_MSG_DONE)
+                       if (s->txn->req.msg_state != HTTP_MSG_DONE || b_is_large(&oc->buf))
                                s->txn->flags &= ~TX_L7_RETRY;
                        else {
                                if (b_alloc(&s->txn->l7_buffer, DB_UNLIKELY) == NULL)