RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[CRITICAL] fix risk of crash when dealing with space in response cookies 

When doing fix 24581bae02 to correctly handle
response cookies, an unfortunate typo was inserted in the less likely code
path, resulting in a risk of crash when cookie-based persistence is enabled
and the server emits a cookie with several spaces around the equal sign.

This bug was noticed during a code backport. Its effects were never reported
because this situation is very unlikely to appear, but it can be provoked on
purpose by the server.

This patch must be backported to 1.4 versions which contain the fix above
(anything > 1.4.8), and to similar 1.3 versions > 1.3.25. 1.5-dev versions
after 1.5-dev2 are affected too.
This commit is contained in:
Willy Tarreau 2011-04-07 22:35:37 +02:00
parent 442452034e
commit 1fc1f45618
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/proto_http.c
View File

@ -6969,7 +6969,7 @@ void manage_server_side_cookies(struct session *t, struct buffer *res)
hdr_end += stripped_before;
hdr_next += stripped_before;
cur_hdr->len += stripped_before;
http_msg_move_end(&txn->req, stripped_before);
http_msg_move_end(&txn->rsp, stripped_before);
}
/* First, let's see if we want to capture this cookie. We check