[BUG] http: fix possible incorrect forwarded wrapping chunk size
It seems like if a response message is chunked and the chunk size wraps at the end of the buffer and the crlf sequence is incomplete, then we can forward a wrong chunk size due to incorrect handling of the wrapped size. It seems extremely unlikely to occur on real traffic (no reason to have half of the CRLF after a chunk) but nothing prevents it from being possible. This fix must be backported to 1.4.
This commit is contained in:
parent
a11460540f
commit
acd20f80c1
@ -5522,6 +5522,9 @@ int http_response_forward_body(struct session *s, struct buffer *res, int an_bit
|
||||
|
||||
/* forward the chunk size as well as any pending data */
|
||||
if (msg->hdr_content_len || msg->som != msg->sov) {
|
||||
int bytes = msg->sov - msg->som;
|
||||
if (bytes < 0) /* sov may have wrapped at the end */
|
||||
bytes += res->size;
|
||||
buffer_forward(res, msg->sov - msg->som + msg->hdr_content_len);
|
||||
msg->hdr_content_len = 0; /* don't forward that again */
|
||||
msg->som = msg->sov;
|
||||
|
Loading…
x
Reference in New Issue
Block a user