From: Thierry FOURNIER <thierry.fournier@ozon.io>
Date: Sat, 26 May 2018 23:14:47 +0000 (+0200)
Subject: BUG/MEDIUM: lua/socket: Buffer error, may segfault
X-Git-Tag: v1.9-dev1~225
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66b8919b10d99b022a9105d4908974615c4bba3d;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: lua/socket: Buffer error, may segfault

The buffer pointer is already updated. It is again updated
when it is given to the function ci_putblk().

This patch must be backported in 1.6, 1.7 and 1.8
---

diff --git a/src/hlua.c b/src/hlua.c
index 0144c3d65f..2f7fe99605 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -1974,7 +1974,7 @@ static int hlua_socket_write_yield(struct lua_State *L,int status, lua_KContext
 	/* send data */
 	if (len < send_len)
 		send_len = len;
-	len = ci_putblk(&s->req, buf+sent, send_len);
+	len = ci_putblk(&s->req, buf, send_len);
 
 	/* "Not enough space" (-1), "Buffer too little to contain
 	 * the data" (-2) are not expected because the available length