From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 7 Nov 2025 11:47:31 +0000 (+0100)
Subject: BUG/MEDIUM: peers: Fix update message parsing during a full resync
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f12252c7a5fd9797cd1d5b71691f3a9761f2b9b3;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: peers: Fix update message parsing during a full resync

The commit 590c5ff2e ("MEDIUM: peers: No longer ack updates during a full
resync") introduced a regression. During a full resync, the ID of an update
message is not parsed at all. Thus, the parsing of the whole message in
desynchronized.

On full resync the update id itself is ignored, to not be acked, but it must
be parsed. It is now fixed.

It is a 3.3-specific bug, no backport needed.
---

diff --git a/src/peers.c b/src/peers.c
index bbb72352c..9a97ebb6b 100644
--- a/src/peers.c
+++ b/src/peers.c
@@ -1811,21 +1811,20 @@ int peer_treat_updatemsg(struct appctx *appctx, struct peer *p, int updt, int ex
 
 	expire = MS_TO_TICKS(table->expire);
 
-	if (p->learnstate != PEER_LR_ST_PROCESSING) {
-		if (updt) {
-			if (msg_len < sizeof(update)) {
-				TRACE_ERROR("malformed update message: message too small", PEERS_EV_SESS_IO|PEERS_EV_RX_MSG|PEERS_EV_PROTO_ERR, appctx, p, st);
-				goto malformed_exit;
-			}
-
-			memcpy(&update, *msg_cur, sizeof(update));
-			*msg_cur += sizeof(update);
-			st->last_get = htonl(update);
-		}
-		else {
-			st->last_get++;
+	if (updt) {
+		if (msg_len < sizeof(update)) {
+			TRACE_ERROR("malformed update message: message too small", PEERS_EV_SESS_IO|PEERS_EV_RX_MSG|PEERS_EV_PROTO_ERR, appctx, p, st);
+			goto malformed_exit;
 		}
+
+		memcpy(&update, *msg_cur, sizeof(update));
+		*msg_cur += sizeof(update);
 	}
+	else
+		update = st->last_get + 1;
+
+	if (p->learnstate != PEER_LR_ST_PROCESSING)
+		st->last_get = htonl(update);
 
 	if (exp) {
 		size_t expire_sz = sizeof expire;