RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-27 23:22:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: h3: prevent overflow when parsing SETTINGS

Browse Source 
h3_parse_settings_frm() read one byte after the frame payload. Fix the
parsing code. In most cases, this has no impact as we are inside an
allocated buffer but it could cause a segfault depending on the buffer
alignment.
This commit is contained in:
Amaury Denoyelle 2022-05-24 16:30:11 +02:00
parent 081479df92
commit 160507d0ba
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/h3.c
View File

@ -352,7 +352,7 @@ static int h3_parse_settings_frm(struct h3c *h3c, const struct ncbuf *rxbuf, siz
buf = (const unsigned char *)ncb_head(rxbuf);
end = buf + flen;
while (buf <= end) {
while (buf < end) {
if (!quic_dec_int(&id, &buf, end) || !quic_dec_int(&value, &buf, end))
return 0;