LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1798 Commits
1 Branch
46 MiB
Tree: 070087beee
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '070087beee'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/0002-BUG-MEDIUM-payload-ens...

49 lines
1.4 KiB
Raw Normal View History

haproxy: update to version 1.9 patch 02 - BUILD: fix "make install" to support spaces in the install dirs - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. - BUG/MINOR: samples: fix unnecessary memcopy converting binary to string. - BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information - BUG/MEDIUM: pattern: don't load more than once a pattern list. - BUG/MEDIUM: ssl: force a full GC in case of memory shortage - BUG/MINOR: config: don't inherit the default balance algorithm in frontends - BUG/MAJOR: frontend: initialize capture pointers earlier - BUG/MINOR: stats: correctly set the request/response analysers - DOC: fix typo in the body parser documentation for msg.sov - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size - MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping) - BUG/MAJOR: sessions: unlink session from list on out of memory - BUG/MEDIUM: patterns: previous fix was incomplete - BUG/MEDIUM: payload: ensure that a request channel is available Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
10 years ago
 
  1. From 1e89acb6be9ba6400fe4defd3b6b2cc94c6667d9 Mon Sep 17 00:00:00 2001
  2. From: Willy Tarreau <w@1wt.eu>
  3. Date: Wed, 26 Nov 2014 13:24:24 +0100
  4. Subject: [PATCH 2/2] BUG/MEDIUM: payload: ensure that a request channel is
  5.  available
  6. 

  7. Denys Fedoryshchenko reported a segfault when using certain
  8. sample fetch functions in the "tcp-request connection" rulesets
  9. despite the warnings. This is because some tests for the existence
  10. of the channel were missing.
  11. 

  12. The fetches which were fixed are :
  13.   - req.ssl_hello_type
  14.   - rep.ssl_hello_type
  15.   - req.ssl_sni
  16. 

  17. This fix must be backported to 1.5.
  18. (cherry picked from commit 83f2592bcd2e186beeabcba16be16faaab82bd39)
  19. ---

  20.  src/payload.c | 6 ++++++
  21.  1 file changed, 6 insertions(+)
  22. 

  23. diff --git a/src/payload.c b/src/payload.c

  24. index 4057f6f..f62163c 100644

  25. --- a/src/payload.c

  26. +++ b/src/payload.c

  27. @@ -72,6 +72,9 @@ smp_fetch_ssl_hello_type(struct proxy *px, struct session *s, void *l7, unsigned

  28.  
  29.  	chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
  30.  
  31. +	if (!chn)

  32. +		goto not_ssl_hello;

  33. +

  34.  	bleft = chn->buf->i;
  35.  	data = (const unsigned char *)chn->buf->p;
  36.  
  37. @@ -276,6 +279,9 @@ smp_fetch_ssl_hello_sni(struct proxy *px, struct session *s, void *l7, unsigned

  38.  
  39.  	chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
  40.  
  41. +	if (!chn)

  42. +		goto not_ssl_hello;

  43. +

  44.  	bleft = chn->buf->i;
  45.  	data = (unsigned char *)chn->buf->p;
  46.  
  47. -- 

  48. 2.0.4
  49.