From: Willy Tarreau <w@1wt.eu>
Date: Mon, 1 Feb 2010 15:38:17 +0000 (+0100)
Subject: [MINOR] config: fix too large ssl-hello-check message.
X-Git-Tag: v1.4-rc1~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=137325dc71d066f671f06a0a47f65d4c0a1f8aa2;p=thirdparty%2Fhaproxy.git

[MINOR] config: fix too large ssl-hello-check message.

As reported by Cyril Bonté and Hervé Commowick, the ssl-hello-check
should use sizeof()-1 and not sizeof() for the message length.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 4036e29b55..a30a88766e 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4817,9 +4817,9 @@ out_uri_auth_compat:
 		}
 
 		if (curproxy->options & PR_O_SSL3_CHK) {
-			curproxy->check_len = sizeof(sslv3_client_hello_pkt);
-			curproxy->check_req = (char *)malloc(sizeof(sslv3_client_hello_pkt));
-			memcpy(curproxy->check_req, sslv3_client_hello_pkt, sizeof(sslv3_client_hello_pkt));
+			curproxy->check_len = sizeof(sslv3_client_hello_pkt) - 1;
+			curproxy->check_req = (char *)malloc(curproxy->check_len);
+			memcpy(curproxy->check_req, sslv3_client_hello_pkt, curproxy->check_len);
 		}
 
 		/* The small pools required for the capture lists */