RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: payload: fix SSLv2 version parser 

A typo resulting from a copy-paste in the original req.ssl_ver code will
make certain SSLv2 hello messages not properly detected. The bug has been
present since the code was added in 1.3.16. In 1.3 and 1.4, this code was
in proto_tcp.c. In 1.5-dev0, it moved to acl.c, then later to payload.c.

This bug was tagged "minor" because SSLv2 is outdated and this encoding
was rarely (if at all) used, the shorter form starting with 0x80 being
more common.

This fix needs to be backported to all currently maintained branches.
This commit is contained in:
Willy Tarreau 2016-08-30 14:39:46 +02:00
parent 5457eb49b4
commit 74967f60ec
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/payload.c
View File

@ -435,7 +435,7 @@ smp_fetch_req_ssl_ver(const struct arg *args, struct sample *smp, const char *kw
/* long header format : 14 bits for length + pad length */
rlen = ((data[0] & 0x3F) << 8) | data[1];
plen = data[2];
bleft -= 3; data += 2;
bleft -= 3; data += 3;
}
if (*data != 0x01)