BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred
author Christopher Faulet <cfaulet@haproxy.com>
Tue, 8 Jul 2025 06:04:01 +0000 (08:04 +0200)
committer Christopher Faulet <cfaulet@haproxy.com>
Wed, 1 Oct 2025 13:42:17 +0000 (15:42 +0200)

When HTX blocks from the requests are transferred into the channel buffer,
the return value of htx_xfer_blks() function must not be used to increment
the channel input value because meta data are counted here while they are
not part of input data. Because of this bug, it is possible to forward more
data than those present in the channel buffer.

Instead, we look at the input data before and after the transfer and the
difference is added.

It is only an issue with large POSTs, when the payload is streamed.

This patch must be backported as far as 2.6.

(cherry picked from commit d9ca8f6b71cd17bae0718f0b1e9da919fc00264d)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 208ef1d7aebc11133e8c64966be475a521da5409)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 90167928a38f05680852fd0943b86ef66496ee18)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

src/http_client.c

index 0591404..7d0481d 100644 (file)
@@ -785,9 +785,11 @@ void httpclient_applet_io_handler(struct appctx *appctx)
                                                        channel_add_input(req, data);
                                                } else {
                                                        struct htx_ret ret;
+                                                       size_t data = htx->data;
 
                                                        ret = htx_xfer_blks(htx, hc_htx, htx_used_space(hc_htx), HTX_BLK_UNUSED);
-                                                       channel_add_input(req, ret.ret);
+                                                       data = htx->data - data;
+                                                       channel_add_input(req, data);
 
                                                        /* we must copy the EOM if we empty the buffer */
                                                        if (htx_is_empty(hc_htx)) {
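
Review bot: The new `data` local in the else branch holds two different things in turn, first a snapshot of `htx->data` and then the delta, and it shares its name with the `data` passed to `channel_add_input()` in the preceding branch, so it may shadow an outer variable and the two roles are easy to confuse. Consider `size_t prev = htx->data;` followed by `channel_add_input(req, htx->data - prev);`. A short comment above the `htx_xfer_blks()` call saying that `ret.ret` counts metadata and must not be used for input accounting would keep a later cleanup from reverting to the old form; in the visible lines `ret` is still assigned but its `.ret` field is no longer read.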