commit 6670e3e2bf64d4273c164cd5a70bb9acde2820b2
author Christopher Faulet <cfaulet@haproxy.com> Thu Oct 08 15:26:33 2020 +0200
committer Christopher Faulet <cfaulet@haproxy.com> Fri Oct 09 10:02:00 2020 +0200
tree 8cc944f4312ff4db0e2038d05f1897cc59be2e66
parent 08eb718494803fc389c3b729bc230ceb045ebea7

BUG/MEDIUM: mux-fcgi: Don't handle pending read0 too early on streams

A read0 received on the connection must not be handled too early by FCGI
streams. If the demux buffer is not empty, the pending read0 must not be
considered. The FCGI streams must not be passed in half-closed remote state in
fcgi_strm_wake_one_stream() and the CS_FL_EOS flag must not be set on the
associated conn-stream in fcgi_rcv_buf(). To sum up, it means, if there are
still data pending in the demux buffer, no abort must be reported to the
streams.

To fix the issue, a dedicated function has been added, responsible for detecting
pending read0 for a FCGI connection. A read0 is reported only if the demux
buffer is empty. This function is used instead of conn_xprt_read0_pending() at
some places.

This patch should fix the issue #886. It must be backported as far as 2.1.

src/mux_fcgi.c

diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c
index 7be05b6..b6b1feb 100644
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@@ -869,6 +869,17 @@
 	}
 }
 
+/* Detect a pending read0 for a FCGI connection. It happens if a read0 is
+ * pending on the connection AND if there is no more data in the demux
+ * buffer. The function returns 1 to report a read0 or 0 otherwise.
+ */
+static int fcgi_conn_read0_pending(struct fcgi_conn *fconn)
+{
+	if (conn_xprt_read0_pending(fconn->conn) && !b_data(&fconn->dbuf))
+		return 1;
+	return 0;
+}
+
 
 /* Returns true if the FCGI connection must be release */
 static inline int fcgi_conn_is_dead(struct fcgi_conn *fconn)
@@ -1133,7 +1144,7 @@
 		return;
 	}
 
-	if (conn_xprt_read0_pending(fconn->conn)) {
+	if (fcgi_conn_read0_pending(fconn)) {
 		if (fstrm->state == FCGI_SS_OPEN) {
 			fstrm->state = FCGI_SS_HREM;
 			TRACE_STATE("swtiching to HREM", FCGI_EV_STRM_WAKE|FCGI_EV_FSTRM_END, fconn->conn, fstrm);
@@ -2527,7 +2538,7 @@
 
 		if (tmp_fstrm != fstrm && fstrm && fstrm->cs &&
 		    (b_data(&fstrm->rxbuf) ||
-		     conn_xprt_read0_pending(fconn->conn) ||
+		     fcgi_conn_read0_pending(fconn) ||
 		     fstrm->state == FCGI_SS_CLOSED ||
 		     (fstrm->flags & FCGI_SF_ES_RCVD) ||
 		     (fstrm->cs->flags & (CS_FL_ERROR|CS_FL_ERR_PENDING|CS_FL_EOS)))) {
@@ -2608,7 +2619,7 @@
 	/* we can go here on missing data, blocked response or error */
 	if (fstrm && fstrm->cs &&
 	    (b_data(&fstrm->rxbuf) ||
-	     conn_xprt_read0_pending(fconn->conn) ||
+	     fcgi_conn_read0_pending(fconn) ||
 	     fstrm->state == FCGI_SS_CLOSED ||
 	     (fstrm->flags & FCGI_SF_ES_RCVD) ||
 	     (fstrm->cs->flags & (CS_FL_ERROR|CS_FL_ERR_PENDING|CS_FL_EOS)))) {
@@ -3022,7 +3033,7 @@
 		}
 	}
 
-	if ((conn->flags & CO_FL_ERROR) || conn_xprt_read0_pending(conn) ||
+	if ((conn->flags & CO_FL_ERROR) || fcgi_conn_read0_pending(fconn) ||
 	    fconn->state == FCGI_CS_CLOSED || (fconn->flags & FCGI_CF_ABRTS_FAILED) ||
 	    eb_is_empty(&fconn->streams_by_id)) {
 		fcgi_wake_some_streams(fconn, 0);
@@ -3854,7 +3865,7 @@
 			if (!(fstrm->h1m.flags & (H1_MF_VER_11|H1_MF_XFER_LEN)))
 				cs->flags |= CS_FL_EOS;
 		}
-		if (conn_xprt_read0_pending(fconn->conn))
+		if (fcgi_conn_read0_pending(fconn))
 			cs->flags |= CS_FL_EOS;
 		if (cs->flags & CS_FL_ERR_PENDING)
 			cs->flags |= CS_FL_ERROR;