Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / afd373c23237f4b1c8af73e1f6db86d847788272^! / .
commitafd373c23237f4b1c8af73e1f6db86d847788272[log] [tgz]
authorFrédéric Lécaille <flecaille@haproxy.com>Wed Dec 15 22:38:48 2021 +0100
committerAmaury Denoyelle <adenoyelle@haproxy.com>Fri Dec 17 08:38:43 2021 +0100
tree20cefdc6d8603257aee2009fa7f6360cc9cbd665
parent3fe7df877d9f7843a5cd0b9e1a002057fd0ff4af [diff]
MINOR: hq_interop: Stop BUG_ON() truncated streams

This is required if we do not want to make haproxy crash during zerortt
interop runner test which makes a client open multiple streams with
long request paths.

diff --git a/src/hq_interop.c b/src/hq_interop.c
index 9af937f..8271196 100644
--- a/src/hq_interop.c
+++ b/src/hq_interop.c

@@ -17,23 +17,48 @@
 	struct conn_stream *cs;
 	struct buffer htx_buf = BUF_NULL;
 	struct ist path;
-	char *ptr;
+	char *ptr = b_head(rxbuf);
+	char *end = b_wrap(rxbuf);
+	size_t size = b_size(rxbuf);
+	size_t data = b_data(rxbuf);
 
 	b_alloc(&htx_buf);
 	htx = htx_from_buf(&htx_buf);
 
 	/* skip method */
-	ptr = b_orig(rxbuf);
-	while (HTTP_IS_TOKEN(*ptr))
-		++ptr;
-	BUG_ON(!HTTP_IS_SPHT(*ptr));
-	++ptr;
+	while (data && HTTP_IS_TOKEN(*ptr)) {
+		if (++ptr == end)
+			ptr -= size;
+		data--;
+	}
+
+	if (!data || !HTTP_IS_SPHT(*ptr)) {
+		fprintf(stderr, "truncated stream\n");
+		return 0;
+	}
+
+	if (++ptr == end)
+		ptr -= size;
+
+	if (!--data) {
+		fprintf(stderr, "truncated stream\n");
+		return 0;
+	}
 
 	/* extract path */
 	BUG_ON(HTTP_IS_LWS(*ptr));
 	path.ptr = ptr;
-	while (!HTTP_IS_LWS(*ptr))
-		++ptr;
+	while (data && !HTTP_IS_LWS(*ptr)) {
+		if (++ptr == end)
+			ptr -= size;
+		data--;
+	}
+
+	if (!data) {
+		fprintf(stderr, "truncated stream\n");
+		return 0;
+	}
+
 	BUG_ON(!HTTP_IS_LWS(*ptr));
 	path.len = ptr - path.ptr;