mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-20 04:30:46 +00:00
e9325e97c2
When receiving a token in a client Initial packet without a cluster secret defined by configuration, the <odcid> variable used to parse the ODCID from the token could be used without having been initialized. Such a packet must be dropped. So the sufficient part of this patch is this check:

+ } + else if (!global.cluster_secret && token_len) { + /* Impossible case: a token was received without configured + * cluster secret. + */ + TRACE_PROTO("Packet dropped", QUIC_EV_CONN_LPKT, + NULL, NULL, NULL, qv); + goto drop; }

Take the opportunity of this patch to rework this part of the code, where such a packet must be dropped, and make it more readable, removing the <check_token> variable. When an ODCID is parsed from a token, the new <token_odcid> pointer variable is set to the address of the parsed ODCID. This way, if it is not set but used, it will make haproxy crash. This was not always the case with an uninitialized local variable. Adapt the API to use such a pointer variable: the <token> boolean variable is removed from the qc_lstnr_params_init() prototype.

This must be backported to 2.6.
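Review bot: the comment inside the new `else if (!global.cluster_secret && token_len)` branch calls this an "Impossible case", but the commit message describes exactly this input arriving from a client, so the branch is reachable from the network and the comment should say so, for example that a token was received although no cluster secret is configured and the packet is therefore dropped. The trace text "Packet dropped" is also generic; naming the reason in the TRACE_PROTO() message would let this drop be told apart from others when reading traces.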