haproxy/0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
Dominique Leuenberger 26c4149063 Accepting request 329654 from network:ha-clustering:Factory
- Backport patches from upstream:
  - BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
  - BUG/MAJOR: http: don't call http_send_name_header() after an error
- Add 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
- Add 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch

- Backport patches from upstream:
  - BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
  - DOC: usesrc root privileges requirements
  - BUILD: ssl: Allow building against libssl without SSLv3.
  - DOC/MINOR: fix OpenBSD versions where haproxy works
  - BUG/MINOR: http/sample: gmtime/localtime can fail
  - DOC: typo in 'redirect', 302 code meaning
  - DOC: mention that %ms is left-padded with zeroes.
  - CLEANUP: .gitignore: ignore more test files
  - CLEANUP: .gitignore: finally ignore everything but what is known.
  - MEDIUM: config: emit a warning on a frontend without listener
  - BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
  - DOC: ssl: missing LF
  - DOC: fix example of http-request using ssl_fc_session_id
- Add 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
- Add 0002-DOC-usesrc-root-privileges-requirements.patch
- Add 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
- Add 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
- Add 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
- Add 0006-DOC-typo-in-redirect-302-code-meaning.patch
- Add 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
- Add 0008-CLEANUP-.gitignore-ignore-more-test-files.patch
- Add 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
- Add 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch (forwarded request 329653 from KGronlund)

OBS-URL: https://build.opensuse.org/request/show/329654
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=32
2015-09-08 15:45:55 +00:00


From 3f34b5539e7ba31e44055d853b9ba496e73e0bae Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 7 Sep 2015 19:32:33 +0200
Subject: [PATCH 15/15] BUG/MAJOR: http: don't call http_send_name_header() after an error

A crash was reported when using the "famous" http-send-name-header
directive. This time it's a bit tricky, it requires a certain number of
conditions to be met including maxconn on a server, queuing, timeout in
the queue and cookie-based persistence.

The problem is that in stream.c, before calling http_send_name_header(),
we check a number of conditions to know if we have to replace the header
name. But prior to reaching this place, it's possible for
sess_update_stream_int() to fail and change the stream-int's state to
SI_ST_CLO, send an error 503 to the client, and flush all buffers. But
http_send_name_header() can only be called with valid buffer contents
matching the http_msg's description. So when it rewinds the stream to
modify the header, buf->o becomes negative by the size of the incoming
request and is used as the argument to memmove() which basically
displaces 4GB of memory off a few bytes to write the new name, resulting
in a core and a core file that's really not fun to play with.

The solution obviously consists in refraining from calling this nasty
function when the stream interface is already closed.

This bug also affects 1.5 and possibly 1.4, so the fix must be backported
there.

(cherry picked from commit 9c03b33329cb4924716edc1c851913a18b0670dc)
---
src/session.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/session.c b/src/session.c
index 6d62e36..7520a85 100644
--- a/src/session.c
+++ b/src/session.c
@@ -2293,7 +2293,7 @@ struct task *process_session(struct task *t)
/* Now we can add the server name to a header (if requested) */
/* check for HTTP mode and proxy server_name_hdr_name != NULL */
- if ((s->si[1].state >= SI_ST_CON) &&
+ if ((s->si[1].state >= SI_ST_CON) && (s->si[1].state < SI_ST_CLO) &&
(s->be->server_id_hdr_name != NULL) &&
(s->be->mode == PR_MODE_HTTP) &&
objt_server(s->target)) {
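Review bot: the comment above the changed `if` still reads "check for HTTP mode and proxy server_name_hdr_name != NULL", which does not mention the new `(s->si[1].state < SI_ST_CLO)` bound and names `server_name_hdr_name` while the condition tests `server_id_hdr_name`. Suggest extending the comment to say that the header must not be rewritten once the stream interface is closed, because the buffers have been flushed by then, so the reason for the upper bound is recorded in the code and not only in the commit message. The guard also sits only at this call site and depends on the ordering of the SI_ST_* values; a matching state or buffer-consistency check at the top of http_send_name_header() would keep the function safe if it is ever reached another way.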
--
2.1.4
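
The failure mode the commit message describes, as an added C example that is not part of the patch or of HAProxy's code. It uses a constructed buffer model (every `toy_*` name, the state ordering and the 32-bit view of the length are assumptions) to show the count going negative after a flush, the state bound from the hunk, and a count check inside the insert routine itself.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model for illustration; these are not HAProxy's definitions. */
enum toy_state { TOY_CON = 1, TOY_EST = 2, TOY_CLO = 3 }; /* ordering assumed */

struct toy_buf {
    int  o;          /* bytes of the request still held for forwarding */
    int  len;        /* valid bytes in data[] */
    char data[128];
};

/* Count left after rewinding by the request size; negative once flushed. */
int rewound_count(const struct toy_buf *b, int req_len)
{
    return b->o - req_len;
}

/* The same count as a 32-bit length argument would see it. */
uint32_t as_len32(int count)
{
    return (uint32_t)count;
}

/* Insert hdr in front of the pending request. Returns 0, or -1 if refused. */
int toy_insert_header(struct toy_buf *b, enum toy_state st,
                      int req_len, const char *hdr)
{
    int hlen = (int)strlen(hdr);
    int start;

    if (st < TOY_CON || st >= TOY_CLO)      /* same bound the patch adds */
        return -1;
    if (req_len < 0 || b->o < 0 || b->o > b->len ||
        b->len > (int)sizeof(b->data) || rewound_count(b, req_len) < 0)
        return -1;                          /* buffer no longer holds the request */
    if (hlen > (int)sizeof(b->data) - b->len)
        return -1;                          /* no room for the header */

    start = rewound_count(b, req_len);      /* offset where the request begins */
    memmove(b->data + start + hlen, b->data + start, (size_t)(b->len - start));
    memcpy(b->data + start, hdr, (size_t)hlen);
    b->len += hlen;
    b->o   += hlen;
    return 0;
}
```

With the count check in place, a flushed buffer is refused even if a caller forgets the state test, so the two guards cover each other.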