BUG/MINOR: checks: chained expect will not properly wait for enough data

TCP check expect matching strings or binary patterns are able to know prior to applying their match function whether the available data is already sufficient to attempt the match or not. As such, on insufficient data the expect is postponed. This behavior avoids unnecessary matches when the data could not possibly match. When chaining expect, upon passing the previous and going onto the next however, this length check is not done again. Then the match is done and will necessarily fail, triggering a new wait for more data. The end result is the same for a slightly higher cost. Check received data length for all expects in a chain. This bug exists since the introduction of the feature: Fixes: 5ecb77f4c76f ("MEDIUM: checks: add send/expect tcp based check") Version 1.5+ impacted.
2020-02-13 10:30:01 +01:00 · 2020-02-13 10:30:01 +01:00 · 738ee76aa7
commit 738ee76aa7
parent 31c30fdf1e
1 changed files with 1 additions and 1 deletions
--- a/src/checks.c
+++ b/src/checks.c
@ -3150,10 +3150,10 @@ static int tcpcheck_main(struct check *check)
 				goto out_end_tcpcheck;
 			}

+		tcpcheck_expect:
 			if (!done && (check->current_step->string != NULL) && (b_data(&check->bi) < check->current_step->string_len) )
 				continue; /* try to read more */

-		tcpcheck_expect:
 			if (check->current_step->string != NULL)
 				ret = my_memmem(contentptr, b_data(&check->bi), check->current_step->string, check->current_step->string_len) != NULL;
 			else if (check->current_step->expect_regex != NULL)