From: Willy Tarreau <w@1wt.eu>
Date: Tue, 30 Aug 2016 12:39:46 +0000 (+0200)
Subject: BUG/MINOR: payload: fix SSLv2 version parser
X-Git-Tag: v1.7-dev5~57
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=74967f60ec137f2b6006b33dec8df5464f17cea7;p=thirdparty%2Fhaproxy.git

BUG/MINOR: payload: fix SSLv2 version parser

A typo resulting from a copy-paste in the original req.ssl_ver code will
make certain SSLv2 hello messages not properly detected. The bug has been
present since the code was added in 1.3.16. In 1.3 and 1.4, this code was
in proto_tcp.c. In 1.5-dev0, it moved to acl.c, then later to payload.c.

This bug was tagged "minor" because SSLv2 is outdated and this encoding
was rarely (if at all) used, the shorter form starting with 0x80 being
more common.

This fix needs to be backported to all currently maintained branches.
---

diff --git a/src/payload.c b/src/payload.c
index 0cac555da0..3a534c3779 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -435,7 +435,7 @@ smp_fetch_req_ssl_ver(const struct arg *args, struct sample *smp, const char *kw
 			/* long header format : 14 bits for length + pad length */
 			rlen = ((data[0] & 0x3F) << 8) | data[1];
 			plen = data[2];
-			bleft -= 3; data += 2;
+			bleft -= 3; data += 3;
 		}
 
 		if (*data != 0x01)