From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 4 Jul 2025 06:32:05 +0000 (+0200)
Subject: BUG/MINOR: proto-tcp: Take care to initialized tcp_md5sig structure
X-Git-Tag: v3.3-dev3~43
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3cc5991c9b0a450028ef0302be4b2b73b4350e93;p=thirdparty%2Fhaproxy.git

BUG/MINOR: proto-tcp: Take care to initialized tcp_md5sig structure

When the TCP MD5 signature is enabled, on a listening socket or an outgoing
one, the tcp_md5sig structure must be initialized first.

It is a 3.3-specific issue. No backport needed.
---

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 1e568fd86..b84a4c5e6 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -536,6 +536,7 @@ int tcp_connect_server(struct connection *conn, int flags)
 	if (srv && srv->tcp_md5sig) {
 		struct tcp_md5sig md5;
 
+		memset(&md5, 0, sizeof(md5));
 		if (conn->dst->ss_family == AF_INET)
 			memcpy(&md5.tcpm_addr, (struct sockaddr_in *)conn->dst, sizeof(struct sockaddr_in));
 		else
@@ -735,6 +736,7 @@ int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
 	if (listener->bind_conf->tcp_md5sig) {
 		struct tcp_md5sig md5;
 
+		memset(&md5, 0, sizeof(md5));
 		if (listener->rx.addr.ss_family == AF_INET)
 			memcpy(&md5.tcpm_addr, (struct sockaddr_in *)&listener->rx.addr, sizeof(struct sockaddr_in));
 		else