On 19/04/2019 at 11:40, William Dauchy wrote:
Hi,

On Fri, Apr 19, 2019 at 6:26 AM Willy Tarreau <w...@1wt.eu> wrote:
Good catch but in my opinion we should instead fix the called function
(h1_skip_chunk_crlf). h1_skip_chunk_size() properly deals with the case
where start==stop, but h1_skip_chunk_crlf() says "If not enough data are
available, the function does not change anything and returns zero", which
is not true so others will be caught again. Thus your mux-h1 code was
correct. I'd rather simply do this to comply with the promise in the
comment :

diff --git a/include/common/h1.h b/include/common/h1.h
index f0f2039..4b73ed4 100644
--- a/include/common/h1.h
+++ b/include/common/h1.h
@@ -201,6 +201,9 @@ static inline int h1_skip_chunk_crlf(const struct buffer *bu
         const char *ptr = b_peek(buf, start);
         int bytes = 1;

+       if (stop <= start)
+               return 0;
+
         /* NB: we'll check data availability at the end. It's not a
          * problem because whatever we match first will be checked
          * against the correct length.
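
Review bot: the new "if (stop <= start)" guard has no comment tying it to the contract it enforces, and it sits after the initializer "const char *ptr = b_peek(buf, start);", so the peek is still evaluated for an empty range before the early return. That is fine only as long as b_peek() computes an address without reading from it, and it would be worth saying so here. The existing comment just below states that data availability is checked at the end, after the first match, which is exactly the case the guard covers. I would add a one-line comment on the guard, for example "nothing to parse: honour the 'returns zero and changes nothing' promise", and either move the b_peek() call below the check or note that it is side-effect free, so the next reader does not remove the guard as redundant.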

I also prefer the second patch which protects h1_skip_chunk_crlf. I
tested them, both are fixing the segfault anyway.
Thanks guys for the quick answers and proposed patch.


Thanks for your feedback. I also agree that Willy's version is better. The fix was pushed upstream and backported to 1.9.

--
Christopher
