Browse Source

haproxy: fixes from upstream

[PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
[PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
lilik-openwrt-22.03
Thomas Heil 10 years ago
parent
commit
6785138bca
3 changed files with 78 additions and 1 deletions
  1. +1
    -1
      net/haproxy/Makefile
  2. +35
    -0
      net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
  3. +42
    -0
      net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch

+ 1
- 1
net/haproxy/Makefile View File

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=1.5.2
PKG_RELEASE:=03
PKG_RELEASE:=05
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_MD5SUM:=e854fed32ea751d6db7f366cb910225a


+ 35
- 0
net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch View File

@ -0,0 +1,35 @@
From 0dff81c6a5876172bc1d4725a7a07fddd9d1f369 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 15 Jul 2014 21:34:06 +0200
Subject: [PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
version of base32
We're using the internal memory representation of base32 here, which is
wrong since these data might be exported to headers for logs or be used
to stick to a server and replicated to other peers. Let's convert base32
to big endian (network representation) when building the binary block.
This mistake is also present in 1.5, it would be better to backport it.
(cherry picked from commit 5ad6e1dc09f0a85aabf86f154b1817b9ebffb568)
---
src/proto_http.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/proto_http.c b/src/proto_http.c
index 94afed7..b7ed85d 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -10358,8 +10358,8 @@ smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned in
return 0;
temp = get_trash_chunk();
- memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
- temp->len += sizeof(smp->data.uint);
+ *(unsigned int *)temp->str = htonl(smp->data.uint);
+ temp->len += sizeof(unsigned int);
switch (cli_conn->addr.from.ss_family) {
case AF_INET:
--
1.8.5.5

+ 42
- 0
net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch View File

@ -0,0 +1,42 @@
From 66dbae025876a65c81ae3c4011e3aa3b630b42f7 Mon Sep 17 00:00:00 2001
From: Dave McCowan <11235david@gmail.com>
Date: Thu, 17 Jul 2014 14:34:01 -0400
Subject: [PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when
building a proxy v2 header
Use temporary trash chunk, instead of global trash chunk in
make_proxy_line_v2() to avoid memory overwrite.
This fix must also be backported to 1.5.
(cherry picked from commit 77d1f0143e210c13ee8ec6aaf6b3150fa4ce6c5b)
---
src/connection.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/connection.c b/src/connection.c
index 20a911b..3435b1a 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
char *value = NULL;
struct tlv_ssl *tlv;
int ssl_tlv_len = 0;
+ struct chunk *cn_trash;
#endif
if (buf_len < PP2_HEADER_LEN)
@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
tlv->verify = htonl(ssl_sock_get_verify_result(remote));
}
if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
- if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
+ cn_trash = get_trash_chunk();
+ if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
+ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
ssl_tlv_len += tlv_len;
}
}
--
1.8.5.5

Loading…
Cancel
Save