]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ce2ecc9)
MINOR: quic: Possible overflow in qpack_get_varint()
authorFrédéric Lécaille <flecaille@haproxy.com>
Wed, 2 Feb 2022 13:56:23 +0000 (14:56 +0100)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Mon, 14 Feb 2022 14:20:54 +0000 (15:20 +0100)
This should fix CID 375051 in GH 1536 where a signed integer expression (1 << bit)
which could overflow was compared to a uint64_t.

src/qpack-dec.c patch | blob | blame | history

diff --git a/src/qpack-dec.c b/src/qpack-dec.c
index 6c55495b2796b72154f0d1961b95be9b75eef562..3bfa8e98eea399c79d36b043073849fb0a25845e 100644 (file)
--- a/src/qpack-dec.c
+++ b/src/qpack-dec.c
@@ -67,8 +67,8 @@ static uint64_t qpack_get_varint(const unsigned char **buf, uint64_t *len_in, in
        uint8_t shift = 0;
 
        len--;
-       ret = *raw++ & ((1 << b) - 1);
-       if (ret != (uint64_t)((1 << b) - 1))
+       ret = *raw++ & ((1ULL << b) - 1);
+       if (ret != (uint64_t)((1ULL << b) - 1))
                goto end;
 
        while (len && (*raw & 128)) {
Mirror of https://github.com/haproxy/haproxy.git