BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body
Due to the fact that we were still considering only msg->sov for the
first byte of data after calling http_parse_chunk_size(), we used to
miscompute the input data size and to count the CRLF and the chunk size
as part of the input data. The effect is that it was possible to release
the processing with 3 or 4 missing bytes, especially if they're typed by
hand during debugging sessions. This can cause the stats page to return
some errors in admin mode, and the url_param balance algorithm to fail
to properly hash a body input.
This fix must be backported to 1.5.
(cherry picked from commit e115b49c399a0fd9cfa07ae41531549144ced9b0)
diff --git a/src/proto_http.c b/src/proto_http.c
index dcf09c8..0ac3a47 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -4648,7 +4648,7 @@
if (!(msg->flags & HTTP_MSGF_TE_CHNK)) {
/* We're in content-length mode, we just have to wait for enough data. */
- if (req->buf->i - msg->sov < msg->body_len)
+ if (http_body_bytes(msg) < msg->body_len)
goto missing_data;
/* OK we have everything we need now */
@@ -4673,13 +4673,14 @@
}
/* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state.
- * We have the first data byte is in msg->sov. We're waiting for at
- * least a whole chunk or the whole content length bytes after msg->sov.
+ * We have the first data byte is in msg->sov + msg->sol. We're waiting
+ * for at least a whole chunk or the whole content length bytes after
+ * msg->sov + msg->sol.
*/
if (msg->msg_state == HTTP_MSG_TRAILERS)
goto http_end;
- if (req->buf->i - msg->sov >= msg->body_len) /* we have enough bytes now */
+ if (http_body_bytes(msg) >= msg->body_len) /* we have enough bytes now */
goto http_end;
missing_data: