From 22c57bef56f7261c57d68e330e82f5de43f1de5b Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 19 Apr 2019 14:12:27 +0200 Subject: [PATCH] BUG/MEDIUM: h1: Don't parse chunks CRLF if not enough data are available As specified in the function comment, the function h1_skip_chunk_crlf() must not change anything and return zero if not enough data are available. This must include the case where there is no data at all. On this point, it must do the same that other h1 parsing functions. This bug is made visible since the commit 91f77d599 ("BUG/MINOR: mux-h1: Process input even if the input buffer is empty"). This patch must be backported to 1.9. --- include/common/h1.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/common/h1.h b/include/common/h1.h index b36f6fa04..0d652e7bb 100644 --- a/include/common/h1.h +++ b/include/common/h1.h @@ -202,6 +202,9 @@ static inline int h1_skip_chunk_crlf(const struct buffer *buf, int start, int st const char *ptr = b_peek(buf, start); int bytes = 1; + if (stop <= start) + return 0; + /* NB: we'll check data availability at the end. It's not a * problem because whatever we match first will be checked * against the correct length.