RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-18 19:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: httpclient: limit transfers to the maximum available room

Browse Source 
A bug was uncovered by commit fc5912914 ("MINOR: httpclient: Don't limit
data transfer to 1024 bytes"), it happens that callers of b_xfer() and
b_force_xfer() are expected to check for available room in the target
buffer. Previously it was unlikely to be full but now with full buffer-
sized transfers, it happens more often and in practice it is possible
to crash the process with the debug command "httpclient" on the CLI by
going beyond a the max buffer size. Other call places ought to be
rechecked by now and it might be time to rethink this API if it tends
to generalize.

This must be backported to 2.5.
This commit is contained in:
Willy Tarreau 2022-02-18 17:28:25 +01:00
parent 8a91374487
commit 11adb1d8fc
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/http_client.c
View File

@ -352,9 +352,10 @@ error:
*/
int httpclient_res_xfer(struct httpclient *hc, struct buffer *dst)
{
size_t room = b_room(dst);
int ret;
ret = b_force_xfer(dst, &hc->res.buf, b_data(&hc->res.buf));
ret = b_force_xfer(dst, &hc->res.buf, MIN(room, b_data(&hc->res.buf)));
/* call the client once we consumed all data */
if (!b_data(&hc->res.buf)) {
b_free(&hc->res.buf);