From b02b8453d15dfe2c45d132484e381c27f63d2fb1 Mon Sep 17 00:00:00 2001
From: Emeric Brun <ebrun@haproxy.com>
Date: Thu, 3 Apr 2025 10:32:30 +0200
Subject: [PATCH] BUG/MEDIUM: peers: prevent learning expiration too far in
 futur from unsync node

This patch sets the expire of the entry to the max value in
configuration if the value showed in the peer update message
is too far in futur.

This should be backported an all supported branches.
---
 src/peers.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/peers.c b/src/peers.c
index e4ac52b22..40fc0e53c 100644
--- a/src/peers.c
+++ b/src/peers.c
@@ -1740,6 +1740,9 @@ static int peer_treat_updatemsg(struct appctx *appctx, struct peer *p, int updt,
 		memcpy(&expire, *msg_cur, expire_sz);
 		*msg_cur += expire_sz;
 		expire = ntohl(expire);
+		/* Protocol contains expire in MS, check if value is less than table config */
+		if (expire > table->expire)
+			expire = table->expire;
 		/* the rest of the code considers expire as ticks and not MS */
 		expire = MS_TO_TICKS(expire);
 	}
-- 
2.47.2