git.ipfire.org Git - thirdparty/haproxy.git/commit
author Willy Tarreau <w@1wt.eu>
Wed, 24 Nov 2010 17:31:28 +0000 (18:31 +0100)
committer Willy Tarreau <w@1wt.eu>
Sun, 28 Nov 2010 06:06:22 +0000 (07:06 +0100)
commit b810554f8f45e4488965b5a2fbfcd2f825fa9d3d
tree 2050cc82139949639755944983985485de840fe3
parent 77eb9b8a2d9a9b57b6f60c22a3d0203bbd7a936d
[CRITICAL] cookies: mixing cookies in indirect mode and appsession can crash the process

Cookies in indirect mode are removed from the cookie header. Three pointers
ought to be updated when appsession cookies are processed next, but were not.
The result is that a memcpy() can be called with a negative value causing the
process to crash. It is not sure whether this can be remotely exploited or not.
(cherry picked from commit c5f3749aa3ccfdebc4992854ea79823d26f66213)
src/proto_http.c