BUG/MEDIUM: lua: fix a segfault in txn:done() if called twice

When called from an http ruleset, txn:done() can still crash the process because it closes the stream without consuming pending data resulting in the transaction's buffer representation to differ from the real buffer. This patch also adjusts the transaction's state to indicate that it's closed to be consistent with what's already done in redirect rules.
2025-02-07 22:12:08 +00:00 · 2015-08-28 10:06:15 +02:00 · 2015-08-28 10:06:15 +02:00 · 630ef4585a
commit 630ef4585a
parent a678b43119
1 changed files with 22 additions and 0 deletions
--- a/src/hlua.c
+++ b/src/hlua.c
@ -3655,6 +3655,28 @@ __LJMP static int hlua_txn_done(lua_State *L)
 	ic = &htxn->s->req;
 	oc = &htxn->s->res;

+	if (htxn->s->txn) {
+		/* HTTP mode, let's stay in sync with the stream */
+		bi_fast_delete(ic->buf, htxn->s->txn->req.sov);
+		htxn->s->txn->req.next -= htxn->s->txn->req.sov;
+		htxn->s->txn->req.sov = 0;
+		ic->analysers &= AN_REQ_HTTP_XFER_BODY;
+		oc->analysers = AN_RES_HTTP_XFER_BODY;
+		htxn->s->txn->req.msg_state = HTTP_MSG_CLOSED;
+		htxn->s->txn->rsp.msg_state = HTTP_MSG_DONE;
+
+		/* Trim any possible response */
+		oc->buf->i = 0;
+		htxn->s->txn->rsp.next = htxn->s->txn->rsp.sov = 0;
+
+		/* Note that if we want to support keep-alive, we need
+		 * to bypass the close/shutr_now calls below, but that
+		 * may only be done if the HTTP request was already
+		 * processed and the connection header is known (ie
+		 * not during TCP rules).
+		 */
+	}
+
 	channel_auto_read(ic);
 	channel_abort(ic);
 	channel_auto_close(ic);