MEDIUM: http: don't reject anymore message bodies not containing the url param
http_process_request_body() currently expects a request body containing
exactly an expected message body. This was done in order to support load
balancing on a unique POST parameter but the way it's done still suffers
from some limitations. One of them is that there is no guarantee that the
accepted message will contain the appropriate string if it starts with
another parameter. But at the same time it will reject a message when the
buffer is full.
So as a first step, we don't reject anymore message bodies that fill the
buffer.
diff --git a/src/proto_http.c b/src/proto_http.c
index 3a4b070..51f97aa 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -4357,11 +4357,11 @@
goto http_end;
missing_data:
- /* we get here if we need to wait for more data */
- if (buffer_full(req->buf, global.tune.maxrewrite)) {
- session_inc_http_err_ctr(s);
- goto return_bad_req;
- }
+ /* we get here if we need to wait for more data. If the buffer is full,
+ * we have the maximum we can expect.
+ */
+ if (buffer_full(req->buf, global.tune.maxrewrite))
+ goto http_end;
if ((req->flags & CF_READ_TIMEOUT) || tick_is_expired(req->analyse_exp, now_ms)) {
txn->status = 408;
@@ -4375,7 +4375,7 @@
}
/* we get here if we need to wait for more data */
- if (!(req->flags & (CF_SHUTR | CF_READ_ERROR)) && !buffer_full(req->buf, global.tune.maxrewrite)) {
+ if (!(req->flags & (CF_SHUTR | CF_READ_ERROR))) {
/* Not enough data. We'll re-use the http-request
* timeout here. Ideally, we should set the timeout
* relative to the accept() date. We just set the