Re: [PR] Pick up many more master branch commits to 10.2.x [trafficserver]

Tue, 02 Jun 2026 14:41:26 -0700 


Copilot commented on code in PR #13224:
URL: https://github.com/apache/trafficserver/pull/13224#discussion_r3344588304


##########
src/iocore/net/NetVConnection.cc:
##########
@@ -51,11 +51,19 @@ DbgCtl dbg_ctl_ssl{"ssl"};
    If the buffer has PROXY Protocol, it will be consumed by this function.
  */
 bool
-NetVConnection::has_proxy_protocol(IOBufferReader *reader)
+NetVConnection::has_proxy_protocol(IOBufferReader *reader, int max_header_size)
 {
-  char           buf[PPv1_CONNECTION_HEADER_LEN_MAX + 1];
   swoc::TextView tv;
-  tv.assign(buf, reader->memcpy(buf, sizeof(buf), 0));
+
+  char preface[PPv2_CONNECTION_HEADER_LEN];
+  tv.assign(preface, reader->memcpy(preface, sizeof(preface), 0));
+  if (!proxy_protocol_detect(tv)) {
+    return false;
+  }
+
+  int  bufsize = max_header_size;
+  char buf[bufsize];
+  tv.assign(buf, reader->memcpy(buf, bufsize, 0));

Review Comment:
   `NetVConnection::has_proxy_protocol(IOBufferReader*, int)` declares `char 
buf[bufsize];` where `bufsize` is runtime. This is a variable-length array, 
which is not valid C++ (and will fail on compilers like Clang/MSVC), and it can 
also allocate up to `max_header_size` (potentially 64KiB) on the stack. Use a 
heap-backed buffer (e.g. `std::string`/`std::vector`) instead.



##########
src/iocore/net/ProxyProtocol.cc:
##########
@@ -237,7 +238,7 @@ proxy_protocol_v2_parse(ProxyProtocol *pp_info, const 
swoc::TextView &msg)
   uint16_t       tlv_len   = 0;
 
   if (msg.size() < total_len) {
-    Dbg(dbg_ctl_proxyprotocol_v2, "The amount of available data is smaller 
than the expected size");
+    Error("The size of PP header received (%zu) is smaller than the expected 
size (%zu)", msg.size(), total_len);
     return 0;

Review Comment:
   `proxy_protocol_v2_parse()` logs an `Error` when `msg.size() < total_len`. 
In the accept/probe path this function can be called with only a partial PROXY 
v2 header available (e.g. first read delivers just the fixed 16-byte preface), 
so this would emit error.log noise for normal incremental reads. Consider 
keeping this at debug level (as before) and reserving `Error` for definitive 
invalid headers.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to