From f6ce9d61f98f9c59d18711295836cf17b506a344 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Mon, 10 Dec 2018 15:30:06 +0100 Subject: [PATCH] BUG/MEDIUM: mux-h1: Don't loop on the headers parsing if the read0 was received If a server sends part of headers and then close its connection, the mux H1 reamins blocked in an infinite loop trying to read more data to finish the parsing of the message. The flag CS_FL_REOS is set on the conn_stream. But because there are some data in the input buffer, CS_FL_EOS is never set. To fix the bug, in h1_process_input, when CS_FL_REOS is set on the conn_stream, we also set CS_FL_EOS if the input buffer is empty OR if the channel's buffer is empty. --- src/mux_h1.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/mux_h1.c b/src/mux_h1.c index f7026c9c5..fa3ffa8d0 100644 --- a/src/mux_h1.c +++ b/src/mux_h1.c @@ -1304,11 +1304,14 @@ static size_t h1_process_input(struct h1c *h1c, struct buffer *buf, int flags) else { h1_release_buf(h1c, &h1c->ibuf); h1_sync_messages(h1c); - h1s->cs->flags &= ~(CS_FL_RCV_MORE | CS_FL_WANT_ROOM); - if (h1s->cs->flags & CS_FL_REOS) - h1s->cs->flags |= CS_FL_EOS; } + + if ((h1s->cs->flags & CS_FL_REOS) && (!b_data(&h1c->ibuf) || htx_is_empty(htx))) { + h1s->cs->flags |= CS_FL_EOS; + h1s->cs->flags &= ~(CS_FL_RCV_MORE | CS_FL_WANT_ROOM); + } + return total; parsing_err: