From 1d3bcce4dd2f6e440a9a7680870c5ca7aea28be1 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sun, 27 Dec 2009 15:50:06 +0100
Subject: [PATCH] [BUG] http: offsets are relative to the buffer, not to ->som

Some wrong operations were performed on buffers, assuming the
offsets were relative to the beginning of the request while they
are relative to the beginning of the buffer. In practice this is
not yet an issue since both are the same... until we add support
for keep-alive.
---
 include/types/proto_http.h |  5 +++-
 src/proto_http.c           | 53 ++++++++++----------------------------
 2 files changed, 17 insertions(+), 41 deletions(-)

diff --git a/include/types/proto_http.h b/include/types/proto_http.h
index dcd6a3dae..db2313fb0 100644
--- a/include/types/proto_http.h
+++ b/include/types/proto_http.h
@@ -259,9 +259,12 @@ typedef enum {
  *                             eoh points to the first byte of the last CRLF
  *                             preceeding data.
  *  - col and sov            : When in HTTP_MSG_BODY, will point to the first
- *                             byte of data.
+ *                             byte of data (relative to buffer).
+ *  - sol (start of line)    : start of line, also start of message when fully parsed.
  *  - eol (End of Line)      : relative offset in the buffer of the first byte
  *                             which marks the end of the line (LF or CRLF).
+ * Note that all offsets are relative to the beginning of the buffer. To get
+ * them relative to the current request, subtract ->som.
  */
 struct http_msg {
 	unsigned int msg_state;                /* where we are in the current message parsing */
diff --git a/src/proto_http.c b/src/proto_http.c
index 1f748eaff..7c722e62c 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -1404,21 +1404,12 @@ void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx
 	http_msg_rpbefore:
 	case HTTP_MSG_RPBEFORE:
 		if (likely(HTTP_IS_TOKEN(*ptr))) {
-#if !defined(PARSE_PRESERVE_EMPTY_LINES)
-			if (likely(ptr != buf->data)) {
-				/* Remove empty leading lines, as recommended by
-				 * RFC2616. This takes a lot of time because we
-				 * must move all the buffer backwards, but this
-				 * is rarely needed. The method above will be
-				 * cleaner when we'll be able to start sending
-				 * the request from any place in the buffer.
-				 */
-				ptr += buffer_replace2(buf, buf->lr, ptr, NULL, 0);
-				end = buf->r;
+			if (likely(ptr != buf->data + msg->som)) {
+				/* Remove empty leading lines, as recommended by RFC2616. */
+				buffer_ignore(buf, ptr - buf->data - msg->som);
+				msg->som = ptr - buf->data;
 			}
-#endif
 			msg->sol = ptr;
-			msg->som = ptr - buf->data;
 			hdr_idx_init(idx);
 			state = HTTP_MSG_RPVER;
 			goto http_msg_rpver;
@@ -1473,30 +1464,12 @@ void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx
 	http_msg_rqbefore:
 	case HTTP_MSG_RQBEFORE:
 		if (likely(HTTP_IS_TOKEN(*ptr))) {
-			if (likely(ptr == buf->data)) {
-				msg->sol = ptr;
-				msg->som = 0;
-			} else {
-#if PARSE_PRESERVE_EMPTY_LINES
-				/* only skip empty leading lines, don't remove them */
-				msg->sol = ptr;
+			if (likely(ptr != buf->data + msg->som)) {
+				/* Remove empty leading lines, as recommended by RFC2616. */
+				buffer_ignore(buf, ptr - buf->data - msg->som);
 				msg->som = ptr - buf->data;
-#else
-				/* Remove empty leading lines, as recommended by
-				 * RFC2616. This takes a lot of time because we
-				 * must move all the buffer backwards, but this
-				 * is rarely needed. The method above will be
-				 * cleaner when we'll be able to start sending
-				 * the request from any place in the buffer.
-				 */
-				buf->lr = ptr;
-				buffer_replace2(buf, buf->data, buf->lr, NULL, 0);
-				msg->som = 0;
-				msg->sol = buf->data;
-				ptr = buf->data;
-				end = buf->r;
-#endif
 			}
+			msg->sol = ptr;
 			/* we will need this when keep-alive will be supported
 			   hdr_idx_init(idx);
 			 */
@@ -2136,9 +2109,9 @@ int http_wait_for_request(struct session *s, struct buffer *req, int an_bit)
 
 	/* ... and check if the request is HTTP/1.1 or above */
 	if ((msg->sl.rq.v_l == 8) &&
-	    ((req->data[msg->som + msg->sl.rq.v + 5] > '1') ||
-	     ((req->data[msg->som + msg->sl.rq.v + 5] == '1') &&
-	      (req->data[msg->som + msg->sl.rq.v + 7] >= '1'))))
+	    ((req->data[msg->sl.rq.v + 5] > '1') ||
+	     ((req->data[msg->sl.rq.v + 5] == '1') &&
+	      (req->data[msg->sl.rq.v + 7] >= '1'))))
 		txn->flags |= TX_REQ_VER_11;
 
 	/* "connection" has not been parsed yet */
@@ -2657,7 +2630,7 @@ int http_process_request(struct session *s, struct buffer *req, int an_bit)
 
 	/* It needs to look into the URI */
 	if ((s->sessid == NULL) && s->be->appsession_name) {
-		get_srv_from_appsession(s, &req->data[msg->som + msg->sl.rq.u], msg->sl.rq.u_l);
+		get_srv_from_appsession(s, &req->data[msg->sl.rq.u], msg->sl.rq.u_l);
 	}
 
 	/*
@@ -2789,7 +2762,7 @@ int http_process_request(struct session *s, struct buffer *req, int an_bit)
 	    s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL &&
 	    s->be->url_param_post_limit != 0 &&
 	    (txn->flags & (TX_REQ_CNT_LEN|TX_REQ_TE_CHNK)) &&
-	    memchr(msg->sol + msg->sl.rq.u, '?', msg->sl.rq.u_l) == NULL) {
+	    memchr(req->data + msg->sl.rq.u, '?', msg->sl.rq.u_l) == NULL) {
 		buffer_dont_connect(req);
 		req->analysers |= AN_REQ_HTTP_BODY;
 	}