On Tue, 03 Mar 2015 19:35:34 +0100
Cyril Bonté <[email protected]> wrote:

> Hi Thierry,
> 
> Le 01/03/2015 13:47, Thierry FOURNIER a écrit :
> >
> >     HAProxy Lua Hello world
> >
> > HAProxy configuration file (hello_world.conf):
> >
> > global
> >     lua-load hello_world.lua
> >
> > listen proxy
> >     bind 127.0.0.1:10001
> >     tcp-request content lua hello_world
> >
> >
> > HAProxy Lua file (hello_world.lua):
> >
> > function hello_world(txn)
> >     local res = txn:res_channel()
> >     res:send("hello world\n")
> > end
> >
> 
> I was wondering what would happen if a response was greater than the buffer.
> It appears that sometimes it works, sometimes not.
> 
> The function I used :
> function hello_world(txn)
>     local res = txn:res_channel()
>     s = ""
>     for i = 1,32768 do
>          s = s .. "x"
>     end
>     res:send(s)
> end
> 
> Then :
> $ while true; do s=$(curl -s http://localhost:10001/|wc -c); echo $s; if 
> [[ $s != 32768 ]]; then break; fi; done
> 32768
> 32768
> 32768
> 32768
> 32768
> 32768
> 32768
> 32768
> 32768
> 32768
> 32768
> 32768
> 539952
> => Randomly, it will send extra data after the first 16384 bytes (with a 
> buffer of 16384 bytes), containing other parts of the memory, which may 
> leak other requests' data.
> 

Thank you Cyril for the bug report. I attach the patch that fixes this issue.

Thierry
From 32fa948331282ae22728c689bbbb5d12bdb20125 Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <[email protected]>
Date: Wed, 4 Mar 2015 11:44:47 +0100
Subject: [PATCH] BUG/MAJOR: lua: send function fails and return bad bytes

In some cases the Lua "send" function fails. This is caused by the
return of "buffer_replace2()" not being tested. I checked available space
in the buffer and I supposed that "buffer_replace2()" took all the
data. In some cases, "buffer_replace2()" cannot take the incoming
data, it returns the amount of data copied.

This patch checks the amount of data really copied by "buffer_replace2()"
and advances the buffer taking this value into account.
---
 src/hlua.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hlua.c b/src/hlua.c
index 1df18b6..d3f302f 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -2091,7 +2091,7 @@ __LJMP static int _hlua_channel_send(lua_State *L)
 	if (max > len - l)
 		max = len - l;
 
-	buffer_replace2(chn->chn->buf, chn->chn->buf->p, chn->chn->buf->p, str+l, max);
+	max = buffer_replace2(chn->chn->buf, chn->chn->buf->p, chn->chn->buf->p, str+l, max);
 	/* buffer replace considers that the input part is filled.
 	 * so, I must forward these new data in the output part.
 	 */
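
Review bot: on the changed buffer_replace2() line, "max" is silently reused to hold the number of bytes actually copied, and nothing in the visible lines handles a result of 0 or one smaller than the value clamped just above by "if (max > len - l)". Please add an explicit check for the short or zero case before the forwarding step that the following comment describes, so that the forward and the advance of "l" can never exceed what was copied and a zero result leads to a retry rather than an empty forward. The comment should also say that "max" now means bytes copied, not bytes requested. It is worth confirming too that the return type of buffer_replace2() matches the type of "max", so an error value cannot be misread as a length.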
-- 
1.7.10.4
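
The bug class fixed above, as an added example that is not part of the original thread and is not HAProxy code: a copy routine that may take fewer bytes than requested, and a caller that forwards either the requested count (pre-patch pattern) or the copied count (patched pattern). The names toy_buf, toy_put and stale_after_send, the 16-byte buffer and the 24-byte body are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOY_BUF_SIZE 16  /* constructed size; the thread's buffer was 16384 */

/* Toy channel buffer (hypothetical, not HAProxy's struct buffer). */
struct toy_buf {
    char   data[TOY_BUF_SIZE];
    size_t used;       /* bytes really written by toy_put() */
    size_t forwarded;  /* bytes scheduled to go out to the client */
};

/* Copies at most the free space and returns the number of bytes copied. */
static size_t toy_put(struct toy_buf *b, const char *src, size_t n)
{
    size_t room = TOY_BUF_SIZE - b->used;
    if (n > room)
        n = room;
    memcpy(b->data + b->used, src, n);
    b->used += n;
    return n;
}

/* Send a 24-byte body; checked != 0 uses the copy count, as the patch does. */
static size_t stale_after_send(int checked)
{
    struct toy_buf b;
    char body[24];  /* constructed response, larger than the buffer */
    size_t asked = sizeof(body), copied;

    memset(&b, 0, sizeof(b));
    memset(body, 'x', sizeof(body));
    copied = toy_put(&b, body, asked);
    /* Pre-patch pattern forwards what was asked for, not what was copied. */
    b.forwarded += checked ? copied : asked;
    /* Forwarded bytes that this response never wrote. */
    return b.forwarded > b.used ? b.forwarded - b.used : 0;
}

int main(void)
{
    printf("unchecked: %zu stale bytes forwarded\n", stale_after_send(0));
    printf("checked:   %zu stale bytes forwarded\n", stale_after_send(1));
    return 0;
}
```

In the checked case the caller still has 8 bytes of the body left to send on a later pass; the point is only that the forwarded count never exceeds what was written.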
