Skip to content

Commit bfb15ab

Browse files
frobwarewtarreau
authored andcommitted
BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
Ensure calls to http_find_header() terminate. If a "Set-Cookie2" header is found then the while(1) loop in http_manage_server_side_cookies() will never terminate, resulting in the watchdog firing and the process terminating via SIGABRT. The while(1) loop becomes unbounded because an unmatched call to http_find_header("Set-Cookie") will leave ctx->blk=NULL. Subsequent calls to check for "Set-Cookie2" will now enumerate from the beginning of all the blocks and will once again match on subsequent passes (assuming a match first time around), hence the loop becoming unbounded. This issue was introduced with HTX and this fix should be backported to all versions supporting HTX. Many thanks to Grant Spence (gspence@redhat.com) for working through this issue with me.
1 parent 1d5fdc5 commit bfb15ab

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: src/http_ana.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -3418,7 +3418,7 @@ static void http_manage_server_side_cookies(struct stream *s, struct channel *re
34183418
while (1) {
34193419
int is_first = 1;
34203420

3421-
if (!http_find_header(htx, ist("Set-Cookie"), &ctx, 1)) {
3421+
if (is_cookie2 || !http_find_header(htx, ist("Set-Cookie"), &ctx, 1)) {
34223422
if (!http_find_header(htx, ist("Set-Cookie2"), &ctx, 1))
34233423
break;
34243424
is_cookie2 = 1;

0 commit comments

Comments
 (0)