RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-02 01:20:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

[CRITICAL] an empty header may lead to a crash

Browse Source 
A missing pointer assignment in case of an empty header
will result in this header's length being 65535, causing
a SEGV when accessing the next header. It should not be
possible to exploit this problem to run arbitrary code
because the crash occurs while reading the data.
This commit is contained in:
Willy Tarreau 2007-01-26 23:39:38 +01:00
parent f0d058e8ab
commit b9ebf70a3a
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/proto_http.c
View File

@ -1018,6 +1018,7 @@ void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx
buf->data[msg->sov] = ' ';
goto http_msg_hdr_l1_sp;
}
msg->eol = ptr;
goto http_msg_complete_header;
http_msg_hdr_val: