BUG/MEDIUM: mux-h1: Don't emit 0-CRLF chunk in h1_done_ff() when iobuf is empty

A chunk message transferred via zero-copy forwarding in H1 may be corrupted. This only happens when the chunk size is not known during the nego stage and when there is nothing to forward when h1_donn_ff() is called. In this case, we always emit a chunk. Because there is nothing to forward, a 0-CRLF is emitted in the middle of the message. The issue occurred with the HTTP stats applet only. A simple fix is to check the size of data in the iobuf before emitting a new chunk in h1_done_ff(). However, we still try to send outgoing data because when this happens, it is most of time because the H1 output buffer is almost full. This patch should fix the issue #2453. No backport needed.
2025-04-18 13:05:38 +00:00 · 2024-02-21 09:30:46 +01:00 · 2024-02-21 09:30:46 +01:00 · 1a2a196fcf
commit 1a2a196fcf
parent a17eaf7763
1 changed files with 1 additions and 1 deletions
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@ -4602,7 +4602,7 @@ static size_t h1_done_ff(struct stconn *sc)
 		if (b_room(&h1c->obuf) == sd->iobuf.offset)
 			h1c->flags |= H1C_F_OUT_FULL;

-		if (sd->iobuf.offset) {
+		if (sd->iobuf.data && sd->iobuf.offset) {
 			struct buffer buf = b_make(b_orig(&h1c->obuf), b_size(&h1c->obuf),
 						   b_peek_ofs(&h1c->obuf, b_data(&h1c->obuf) - sd->iobuf.data + sd->iobuf.offset),
 						   sd->iobuf.data);