authorThomas Heil <heil@terminal-consulting.de>2014-07-18 14:58:29 +0200
committerThomas Heil <heil@terminal-consulting.de>2014-07-18 14:58:29 +0200
commit6785138bcaecab45d74a17be8c7716141ff54557 (patch)
tree49c30672801635c0eb9fc0266e01c63bfcce2234 /net
parente373aa5868d25670e9ac105f9a13b4b6c43af971 (diff)
haproxy: fixes from upstream
[PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
[PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Diffstat (limited to 'net')
-rw-r--r--net/haproxy/Makefile2
-rw-r--r--net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch35
-rw-r--r--net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch42
3 files changed, 78 insertions, 1 deletions
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 690821078..04d640c15 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=1.5.2
-PKG_RELEASE:=03
+PKG_RELEASE:=05
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_MD5SUM:=e854fed32ea751d6db7f366cb910225a
diff --git a/net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch b/net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
new file mode 100644
index 000000000..80c5ec52d
--- /dev/null
+++ b/net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
@@ -0,0 +1,35 @@
+From 0dff81c6a5876172bc1d4725a7a07fddd9d1f369 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 15 Jul 2014 21:34:06 +0200
+Subject: [PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
+ version of base32
+
+We're using the internal memory representation of base32 here, which is
+wrong since these data might be exported to headers for logs or be used
+to stick to a server and replicated to other peers. Let's convert base32
+to big endian (network representation) when building the binary block.
+
+This mistake is also present in 1.5, it would be better to backport it.
+(cherry picked from commit 5ad6e1dc09f0a85aabf86f154b1817b9ebffb568)
+---
+ src/proto_http.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/proto_http.c b/src/proto_http.c
+index 94afed7..b7ed85d 100644
+--- a/src/proto_http.c
++++ b/src/proto_http.c
+@@ -10358,8 +10358,8 @@ smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned in
+ return 0;
+
+ temp = get_trash_chunk();
+- memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
+- temp->len += sizeof(smp->data.uint);
++ *(unsigned int *)temp->str = htonl(smp->data.uint);
++ temp->len += sizeof(unsigned int);
+
+ switch (cli_conn->addr.from.ss_family) {
+ case AF_INET:
+--
+1.8.5.5
+
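Review bot: The new store in smp_fetch_base32_src, `*(unsigned int *)temp->str = htonl(smp->data.uint);`, writes through a cast `char *` and always at offset 0, while the following line still advances `temp->len` with `+=`. The removed memcpy wrote at `temp->str + temp->len`, so the two new lines agree only if get_trash_chunk() returns an empty chunk (not visible here), and the cast assumes the buffer is suitably aligned for an unsigned int. Keeping the memcpy with a converted local avoids both assumptions: `unsigned int be = htonl(smp->data.uint);`, `memcpy(temp->str + temp->len, &be, sizeof(be));`, `temp->len += sizeof(be);`. The function body continues outside the hunk.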
diff --git a/net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch b/net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
new file mode 100644
index 000000000..20321fa76
--- /dev/null
+++ b/net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
@@ -0,0 +1,42 @@
+From 66dbae025876a65c81ae3c4011e3aa3b630b42f7 Mon Sep 17 00:00:00 2001
+From: Dave McCowan <11235david@gmail.com>
+Date: Thu, 17 Jul 2014 14:34:01 -0400
+Subject: [PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when
+ building a proxy v2 header
+
+Use temporary trash chunk, instead of global trash chunk in
+make_proxy_line_v2() to avoid memory overwrite.
+
+This fix must also be backported to 1.5.
+(cherry picked from commit 77d1f0143e210c13ee8ec6aaf6b3150fa4ce6c5b)
+---
+ src/connection.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/connection.c b/src/connection.c
+index 20a911b..3435b1a 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
+ char *value = NULL;
+ struct tlv_ssl *tlv;
+ int ssl_tlv_len = 0;
++ struct chunk *cn_trash;
+ #endif
+
+ if (buf_len < PP2_HEADER_LEN)
+@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
+ tlv->verify = htonl(ssl_sock_get_verify_result(remote));
+ }
+ if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
+- if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
+- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
++ cn_trash = get_trash_chunk();
++ if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
++ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
+ ssl_tlv_len += tlv_len;
+ }
+ }
+--
+1.8.5.5
+
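Review bot: In the second hunk of the embedded connection.c patch, `ssl_sock_get_remote_common_name(remote, &cn_trash)` passes the address of the local pointer rather than the chunk it points to. `cn_trash` is declared `struct chunk *`, and the removed line passed `&trash` next to `trash.len`, so the callee appears to take a `struct chunk *`; given `&cn_trash` it would treat the stack slot holding the pointer as a chunk, and the certificate CN would not end up in the buffer that `cn_trash->len` and `cn_trash->str` are read from on the next line. That leaves a memory-safety problem on data taken from the peer certificate, in the same path this patch is meant to fix. The call should read `if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) {`, and a build with warnings enabled should report the incompatible pointer type. make_proxy_line_v2 starts and ends outside the hunk.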