Bug ID 501264: ICAP can hang when server returns a bad chunk header

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0

Opened: Jan 15, 2015

Severity: 3-Major

Symptoms

When there is an error in a payload chunk header of a response from the ICAP server, the BIG-IP system might hang, awaiting more data from the server, and silently drop the remainder of the response as if the response is incomplete.

Impact

The BIG-IP system might silently drop the remainder of the response as if it was incomplete.

Conditions

There is an error in the chunking of the ICAP server response, where the header specifies a chunk size less than the actual chunk data size, such that there is more data beyond where the next chunk header is expected.

Workaround

Ensure the ICAP server is chunking correctly.

Fix Information

When there is an error in a payload chunk header of a response from the ICAP server, the BIG-IP system detects an error and aborts (RST) the connection to the ICAP server, and performs the configured service-down-action on the HTTP virtual server (the service-down-action is configured in the request-adapt or response-adapt profile).

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips