From 08e97960c7e7d4d070588b596c5300f6113093c3 Mon Sep 17 00:00:00 2001
From: Thomas Heil
Date: Wed, 30 Jul 2014 23:39:29 +0200
Subject: [PATCH] haproxy: bump to version 1.5.3
- upgrade to 1.5.3
- [PATCH 1/3] BUG/MINOR: server: move the directive #endif to the end
- [PATCH 2/3] BUG/MINOR: Fix search for -p argument in systemd wrapper.
- [PATCH 3/3] BUG/MAJOR: tcp: fix a possible busy spinning loop in
Signed-off-by: Thomas Heil
---
 net/haproxy/Makefile | 6 +-
 ...-move-the-directive-endif-to-the-end.patch | 42 +++++++
 ...-Squid-correctly-responds-400-to-PPv.patch | 29 -----
 ...arch-for-p-argument-in-systemd-wrapp.patch | 42 +++++++
 ...DOC-fix-typo-in-Unix-Socket-commands.patch | 29 -----
 ...x-a-possible-busy-spinning-loop-in-c.patch | 111 ++++++++++++++++++
 ...ix-a-memory-leak-in-DHE-key-exchange.patch | 101 ----------------
 ...ase32-src-should-use-the-big-endian-.patch | 35 ------
 ...ction-fix-memory-corruption-when-bui.patch | 42 -------
 ...connection-fix-proxy-v2-header-again.patch | 34 ------
 10 files changed, 198 insertions(+), 273 deletions(-)
 create mode 100644 net/haproxy/patches/0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
 delete mode 100644 net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
 create mode 100644 net/haproxy/patches/0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
 delete mode 100644 net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch
 create mode 100644 net/haproxy/patches/0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
 delete mode 100644 net/haproxy/patches/0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
 delete mode 100644 net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
 delete mode 100644 net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
 delete mode 100644 net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index c13d265fa..7d97e53f2 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -9,11 +9,11 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=haproxy
-PKG_VERSION:=1.5.2
-PKG_RELEASE:=06
+PKG_VERSION:=1.5.3
+PKG_RELEASE:=03
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
-PKG_MD5SUM:=e854fed32ea751d6db7f366cb910225a
+PKG_MD5SUM:=e999a547d57445d5a5ab7eb6a06df9a1
 PKG_MAINTAINER:=Thomas Heil
 PKG_LICENSE:=GPL-2.0
diff --git a/net/haproxy/patches/0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch b/net/haproxy/patches/0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
new file mode 100644
index 000000000..87a1c39a6
--- /dev/null
+++ b/net/haproxy/patches/0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
@@ -0,0 +1,42 @@
+From ad65af7dab9b8d8033fd09d8031cc774a6fbf768 Mon Sep 17 00:00:00 2001
+From: Godbach
+Date: Mon, 28 Jul 2014 17:31:57 +0800
+Subject: [PATCH 1/3] BUG/MINOR: server: move the directive #endif to the end
+ of file
+
+If a source file includes proto/server.h twice or more, redefinition errors will
+be triggered for such inline functions as server_throttle_rate(),
+server_is_draining(), srv_adm_set_maint() and so on. Just move #endif directive
+to the end of file to solve this issue.
+
+Signed-off-by: Godbach
+(cherry picked from commit e468d55998e134dac1b18d5d9d075ffd5691c827)
+---
+ include/proto/server.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/proto/server.h b/include/proto/server.h
+index 9893266..71c8b13 100644
+--- a/include/proto/server.h
++++ b/include/proto/server.h
+@@ -54,8 +54,6 @@ static void inline srv_set_sess_last(struct server *s)
+ s->counters.last_sess = now.tv_sec;
+ }
+
+-#endif /* _PROTO_SERVER_H */
+-
+ /*
+ * Registers the server keyword list as a list of valid keywords for next
+ * parsing sessions.
+@@ -200,6 +198,8 @@ static inline void srv_adm_set_ready(struct server *s)
+ srv_clr_admin_flag(s, SRV_ADMF_FMAINT);
+ }
+
++#endif /* _PROTO_SERVER_H */
++
+ /*
+ * Local variables:
+ * c-indent-level: 8
+--
+1.8.5.5
+
diff --git a/net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch b/net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
deleted file mode 100644
index f9daf4022..000000000
--- a/net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From a124eb6d7838eff2c52cc9bf027594c11e87fae9 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau
-Date: Sat, 12 Jul 2014 17:31:07 +0200
-Subject: [PATCH 1/2] DOC: mention that Squid correctly responds 400 to PPv2
- header
-
-Amos reported that Squid builds 3.5.0.0_20140624 and 3.5.0.0_20140630
-were confirmed to respond correctly here and that any version will do
-the same.
-(cherry picked from commit 9e1382002aa1ba12dcc637870befd077ff887aad)
----
- doc/proxy-protocol.txt | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
-index a2dbcea..a3925a4 100644
---- a/doc/proxy-protocol.txt
-+++ b/doc/proxy-protocol.txt
-@@ -692,6 +692,7 @@ presented, even with minimal implementations :
- - thttpd 2.20c : 400 Bad Request + abort => pass/optimal
- - mini-httpd-1.19 : 400 Bad Request + abort => pass/optimal
- - haproxy 1.4.21 : 400 Bad Request + abort => pass/optimal
-+ - Squid 3 : 400 Bad Request + abort => pass/optimal
- - SSL :
- - stud 0.3.47 : connection abort => pass/optimal
- - stunnel 4.45 : connection abort => pass/optimal
---
-1.8.5.5
-
diff --git a/net/haproxy/patches/0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch b/net/haproxy/patches/0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
new file mode 100644
index 000000000..0217b3e9f
--- /dev/null
+++ b/net/haproxy/patches/0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
@@ -0,0 +1,42 @@
+From 715e9b892f564e58489f86c125aed2a8994f16e9 Mon Sep 17 00:00:00 2001
+From: Conrad Hoffmann
+Date: Mon, 28 Jul 2014 23:22:43 +0200
+Subject: [PATCH 2/3] BUG/MINOR: Fix search for -p argument in systemd wrapper.
+
+Searching for the pid file in the list of arguments did not
+take flags without parameters into account, like e.g. -de. Because
+of this, the wrapper would use a different pid file than haproxy
+if such an argument was specified before -p.
+
+The new version can still yield a false positive for some crazy
+situations, like your config file name starting with "-p", but
+I think this is as good as it gets without using getopt or some
+library.
+
+Signed-off-by: Conrad Hoffmann
+(cherry picked from commit eb2cf45b72a7e14c581276247381dc1ac76be2c0)
+---
+ src/haproxy-systemd-wrapper.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
+index ba07ebe..529b213 100644
+--- a/src/haproxy-systemd-wrapper.c
++++ b/src/haproxy-systemd-wrapper.c
+@@ -130,11 +130,8 @@ static void sigint_handler(int signum __attribute__((unused)))
+ static void init(int argc, char **argv)
+ {
+ while (argc > 1) {
+- if (**argv == '-') {
+- char *flag = *argv + 1;
+- --argc; ++argv;
+- if (*flag == 'p')
+- pid_file = *argv;
++ if ((*argv)[0] == '-' && (*argv)[1] == 'p') {
++ pid_file = *(argv + 1);
+ }
+ --argc; ++argv;
+ }
+--
+1.8.5.5
+
diff --git a/net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch b/net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch
deleted file mode 100644
index 2a463c878..000000000
--- a/net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch
+++ /dev/null
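Review bot: The replacement test `if ((*argv)[0] == '-' && (*argv)[1] == 'p')` still matches any argument that merely begins with `-p` (a constructed example: `-pfoo`) and then takes the following argument as the pid file, so the wrapper can still end up reading a different pid file than haproxy, which is the mismatch this patch sets out to remove. Both the old and the new code only ever take the pid file from the next argument, so requiring an exact match loses nothing the wrapper handled before: `if ((*argv)[0] == '-' && (*argv)[1] == 'p' && (*argv)[2] == '\0') {`. Since this file is a vendored upstream cherry-pick, that tightening belongs in a separate follow-up patch file rather than an edit to this one. The closing brace of `init()` lies outside the hunk.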
@@ -1,29 +0,0 @@
-From de9789b37466c37547d8c5d52d96a9d4466eb431 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cyril=20Bont=C3=A9?=
-Date: Sat, 12 Jul 2014 18:22:42 +0200
-Subject: [PATCH 2/2] DOC: fix typo in Unix Socket commands
-
-Konstantin Romanenko reported a typo in the HTML documentation. The typo is
-already present in the raw text version : the "shutdown sessions" command
-should be "shutdown sessions server".
-(cherry picked from commit e63a1eb290a1c407453dbcaa16535c85a1904f9e)
----
- doc/configuration.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index ca21f7d..2d71555 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -13869,7 +13869,7 @@ shutdown session
- endless transfer is ongoing. Such terminated sessions are reported with a 'K'
- flag in the logs.
-
--shutdown sessions /
-+shutdown sessions server /
- Immediately terminate all the sessions attached to the specified server. This
- can be used to terminate long-running sessions after a server is put into
- maintenance mode, for instance. Such terminated sessions are reported with a
---
-1.8.5.5
-
diff --git a/net/haproxy/patches/0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch b/net/haproxy/patches/0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
new file mode 100644
index 000000000..f42e7c1a7
--- /dev/null
+++ b/net/haproxy/patches/0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
@@ -0,0 +1,111 @@
+From f94735eb76e634d7531f9c903113f64820c4cec0 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau
+Date: Wed, 30 Jul 2014 08:56:35 +0200
+Subject: [PATCH 3/3] BUG/MAJOR: tcp: fix a possible busy spinning loop in
+ content track-sc*
+
+As a consequence of various recent changes on the sample conversion,
+a corner case has emerged where it is possible to wait forever for a
+sample in track-sc*.
+
+The issue is caused by the fact that functions relying on sample_process()
+don't all exactly work the same regarding the SMP_F_MAY_CHANGE flag and
+the output result. Here it was possible to wait forever for an output
+sample from stktable_fetch_key() without checking the SMP_OPT_FINAL flag.
+As a result, if the client connects and closes without sending the data
+and haproxy expects a sample which is capable of coming, it will ignore
+this impossible case and will continue to wait.
+
+This change adds control for SMP_OPT_FINAL before waiting for extra data.
+The various relevant functions have been better documented regarding their
+output values.
+
+This fix must be backported to 1.5 since it appeared there.
+(cherry picked from commit 6bcb0a84e7256f00793fa8ec8a0d6c19c3b22935)
+---
+ src/proto_tcp.c | 4 ++--
+ src/sample.c | 23 ++++++++++++++++++++++-
+ src/stick_table.c | 11 ++++++++++-
+ 3 files changed, 34 insertions(+), 4 deletions(-)
+
+diff --git a/src/proto_tcp.c b/src/proto_tcp.c
+index 9778856..72dc92b 100644
+--- a/src/proto_tcp.c
++++ b/src/proto_tcp.c
+@@ -1048,8 +1048,8 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit)
+ t = rule->act_prm.trk_ctr.table.t;
+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial, rule->act_prm.trk_ctr.expr, &smp);
+
+- if (smp.flags & SMP_F_MAY_CHANGE)
+- goto missing_data;
++ if ((smp.flags & SMP_F_MAY_CHANGE) && !(partial & SMP_OPT_FINAL))
++ goto missing_data; /* key might appear later */
+
+ if (key && (ts = stktable_get_entry(t, key))) {
+ session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
+diff --git a/src/sample.c b/src/sample.c
+index 3a0f3fb..8e62640 100644
+--- a/src/sample.c
++++ b/src/sample.c
+@@ -896,6 +896,18 @@ out_error:
+ * Note: the fetch functions are required to properly set the return type. The
+ * conversion functions must do so too. However the cast functions do not need
+ * to since they're made to cast mutiple types according to what is required.
++ *
++ * The caller may indicate in if it considers the result final or not.
++ * The caller needs to check the SMP_F_MAY_CHANGE flag in p->flags to verify
++ * if the result is stable or not, according to the following table :
++ *
++ * return MAY_CHANGE FINAL Meaning for the sample
++ * NULL 0 * Not present and will never be (eg: header)
++ * NULL 1 0 Not present yet, could change (eg: POST param)
++ * NULL 1 1 Not present yet, will not change anymore
++ * smp 0 * Present and will not change (eg: header)
++ * smp 1 0 Present, may change (eg: request length)
++ * smp 1 1 Present, last known value (eg: request length)
+ */
+ struct sample *sample_process(struct proxy *px, struct session *l4, void *l7,
+ unsigned int opt,
+@@ -1153,7 +1165,16 @@ int smp_resolve_args(struct proxy *p)
+ * and does not contain SMP_OPT_FINAL, then the sample is returned as-is
+ * with its SMP_F_MAY_CHANGE flag so that the caller can check it and decide to
+ * take actions (eg: wait longer). If a sample could not be found or could not
+- * be converted, NULL is returned.
++ * be converted, NULL is returned. The caller MUST NOT use the sample if the
++ * SMP_F_MAY_CHANGE flag is present, as it is used only as a hint that there is
++ * still hope to get it after waiting longer, and is not converted to string.
++ * The possible output combinations are the following :
++ *
++ * return MAY_CHANGE FINAL Meaning for the sample
++ * NULL * * Not present and will never be (eg: header)
++ * smp 0 * Final value converted (eg: header)
++ * smp 1 0 Not present yet, may appear later (eg: header)
++ * smp 1 1 never happens (either flag is cleared on output)
+ */
+ struct sample *sample_fetch_string(struct proxy *px, struct session *l4, void *l7,
+ unsigned int opt, struct sample_expr *expr)
+diff --git a/src/stick_table.c b/src/stick_table.c
+index a708d3c..d39b4ff 100644
+--- a/src/stick_table.c
++++ b/src/stick_table.c
+@@ -603,7 +603,16 @@ static sample_to_key_fct sample_to_key[SMP_TYPES][STKTABLE_TYPES] = {
+ * no key could be extracted, or a pointer to the converted result stored in
+ * static_table_key in format . If is not NULL, it will be reset
+ * and its flags will be initialized so that the caller gets a copy of the input
+- * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present).
++ * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present
++ * without SMP_OPT_FINAL). The output will be usable like this :
++ *
++ * return MAY_CHANGE FINAL Meaning for the sample
++ * NULL 0 * Not present and will never be (eg: header)
++ * NULL 1 0 Not present or unstable, could change (eg: req_len)
++ * NULL 1 1 Not present, will not change anymore
++ * smp 0 * Present and will not change (eg: header)
++ * smp 1 0 not possible
++ * smp 1 1 Present, last known value (eg: request length)
+ */
+ struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7,
+ unsigned int opt, struct sample_expr *expr, struct sample *smp)
+--
+1.8.5.5
+
diff --git a/net/haproxy/patches/0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch b/net/haproxy/patches/0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
deleted file mode 100644
index 08c94eb09..000000000
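Review bot: The new condition `!(partial & SMP_OPT_FINAL)` in tcp_inspect_request only ends the wait if `partial` carries SMP_OPT_FINAL once the client has closed without sending the data; `partial` is computed before the hunk, and the function starts and ends outside it, so that assumption is worth confirming against the 1.5.3 tree before relying on this backport to close the busy loop the commit message describes. The fix touches a single call site; any other caller that pairs `stktable_fetch_key()` with a bare `SMP_F_MAY_CHANGE` test would presumably keep the old behaviour, and this change does not look for them. The tables added to sample.c and stick_table.c document the return/flag combinations well; the `/* key might appear later */` comment on the goto could also name the condition it depends on, e.g. `/* not final yet: key might appear later */`.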
--- a/net/haproxy/patches/0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 60d7aeb6e1450995e721d01f48f60b7db4c44e2b Mon Sep 17 00:00:00 2001
-From: Remi Gacogne
-Date: Tue, 15 Jul 2014 11:36:40 +0200
-Subject: [PATCH 3/3] BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
-
-OpenSSL does not free the DH * value returned by the callback specified with SSL_CTX_set_tmp_dh_callback(),
-leading to a memory leak for SSL/TLS connections using Diffie Hellman Ephemeral key exchange.
-This patch fixes the leak by allocating the DH * structs holding the DH parameters once, at configuration time.
-
-Note: this fix must be backported to 1.5.
-(cherry picked from commit 8de5415b85512da871d58d1e9a0a33bd67f3b570)
----
- src/ssl_sock.c | 43 ++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 36 insertions(+), 7 deletions(-)
-
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index 375225d..cf8adc7 100644
---- a/src/ssl_sock.c
-+++ b/src/ssl_sock.c
-@@ -105,6 +105,13 @@ enum {
- int sslconns = 0;
- int totalsslconns = 0;
-
-+#ifndef OPENSSL_NO_DH
-+static DH *local_dh_1024 = NULL;
-+static DH *local_dh_2048 = NULL;
-+static DH *local_dh_4096 = NULL;
-+static DH *local_dh_8192 = NULL;
-+#endif /* OPENSSL_NO_DH */
-+
- #ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
- struct certificate_ocsp {
- struct ebmb_node key;
-@@ -1034,16 +1041,16 @@ static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
- }
-
- if (keylen >= 8192) {
-- dh = ssl_get_dh_8192();
-+ dh = local_dh_8192;
- }
- else if (keylen >= 4096) {
-- dh = ssl_get_dh_4096();
-+ dh = local_dh_4096;
- }
- else if (keylen >= 2048) {
-- dh = ssl_get_dh_2048();
-+ dh = local_dh_2048;
- }
- else {
-- dh = ssl_get_dh_1024();
-+ dh = local_dh_1024;
- }
-
- return dh;
-@@ -1079,11 +1086,11 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
-
- if (global.tune.ssl_default_dh_param <= 1024) {
- /* we are limited to DH parameter of 1024 bits anyway */
-- dh = ssl_get_dh_1024();
-- if (dh == NULL)
-+ local_dh_1024 = ssl_get_dh_1024();
-+ if (local_dh_1024 == NULL)
-
goto end;
-
-- SSL_CTX_set_tmp_dh(ctx, dh);
-+ SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
- }
- else {
- SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
-@@ -1594,6 +1601,28 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
- global.tune.ssl_default_dh_param = 1024;
- }
-
-+#ifndef OPENSSL_NO_DH
-+ if (global.tune.ssl_default_dh_param >= 1024) {
-+ if (local_dh_1024 == NULL) {
-+ local_dh_1024 = ssl_get_dh_1024();
-+ }
-+ if (global.tune.ssl_default_dh_param >= 2048) {
-+ if (local_dh_2048 == NULL) {
-+ local_dh_2048 = ssl_get_dh_2048();
-+ }
-+ if (global.tune.ssl_default_dh_param >= 4096) {
-+ if (local_dh_4096 == NULL) {
-+ local_dh_4096 = ssl_get_dh_4096();
-+ }
-+ if (global.tune.ssl_default_dh_param >= 8192 &&
-+ local_dh_8192 == NULL) {
-+ local_dh_8192 = ssl_get_dh_8192();
-+ }
-+ }
-+ }
-+ }
-+#endif /* OPENSSL_NO_DH */
-+
- SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
- SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
---
-1.8.5.5
-
diff --git a/net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch b/net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
deleted file mode 100644
index 80c5ec52d..000000000
--- a/net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 0dff81c6a5876172bc1d4725a7a07fddd9d1f369 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau
-Date: Tue, 15 Jul 2014 21:34:06 +0200
-Subject: [PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
- version of base32
-
-We're using the internal memory representation of base32 here, which is
-wrong since these data might be exported to headers for logs or be used
-to stick to a server and replicated to other peers. Let's convert base32
-to big endian (network representation) when building the binary block.
-
-This mistake is also present in 1.5, it would be better to backport it.
-(cherry picked from commit 5ad6e1dc09f0a85aabf86f154b1817b9ebffb568)
----
- src/proto_http.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 94afed7..b7ed85d 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -10358,8 +10358,8 @@ smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned in
- return 0;
-
- temp = get_trash_chunk();
-- memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
-- temp->len += sizeof(smp->data.uint);
-+ *(unsigned int *)temp->str = htonl(smp->data.uint);
-+ temp->len += sizeof(unsigned int);
-
- switch (cli_conn->addr.from.ss_family) {
- case AF_INET:
---
-1.8.5.5
-
diff --git a/net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch b/net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
deleted file mode 100644
index 20321fa76..000000000
--- a/net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 66dbae025876a65c81ae3c4011e3aa3b630b42f7 Mon Sep 17 00:00:00 2001
-From: Dave McCowan <11235david@gmail.com>
-Date: Thu, 17 Jul 2014 14:34:01 -0400
-Subject: [PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when
- building a proxy v2 header
-
-Use temporary trash chunk, instead of global trash chunk in
-make_proxy_line_v2() to avoid memory overwrite.
-
-This fix must also be backported to 1.5.
-(cherry picked from commit 77d1f0143e210c13ee8ec6aaf6b3150fa4ce6c5b)
----
- src/connection.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/connection.c b/src/connection.c
-index 20a911b..3435b1a 100644
---- a/src/connection.c
-+++ b/src/connection.c
-@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- char *value = NULL;
- struct tlv_ssl *tlv;
- int ssl_tlv_len = 0;
-+ struct chunk *cn_trash;
- #endif
-
- if (buf_len < PP2_HEADER_LEN)
-@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- tlv->verify = htonl(ssl_sock_get_verify_result(remote));
- }
- if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
-- if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
-- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
-+ cn_trash = get_trash_chunk();
-+ if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
-+ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
- ssl_tlv_len += tlv_len;
- }
- }
---
-1.8.5.5
-
diff --git a/net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch b/net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch
deleted file mode 100644
index 3b4cb82e0..000000000
--- a/net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 04b80cd29b23d02f373c095569e871275d128b43 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau
-Date: Sat, 19 Jul 2014 06:37:33 +0200
-Subject: [PATCH 6/6] BUG/MEDIUM: connection: fix proxy v2 header again!
-
-Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory corruption
-when building a proxy v2 header") was wrong, using &cn_trash instead
-of cn_trash resulting in a warning and the client's SSL cert CN not
-being stored at the proper location.
-
-Thanks to Lukas Tribus for spotting this quickly.
-
-This should be backported to 1.5 after the patch above is backported.
-(cherry picked from commit 3b9a0c9d4d083d749846d66f9bd4caabafe4ee78)
----
- src/connection.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/connection.c b/src/connection.c
-index 3435b1a..2dd2c02 100644
---- a/src/connection.c
-+++ b/src/connection.c
-@@ -684,7 +684,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- }
- if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
- cn_trash = get_trash_chunk();
-- if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
-+ if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) {
- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
- ssl_tlv_len += tlv_len;
- }
---
-1.8.5.5
-