]>
git.ipfire.org Git - thirdparty/haproxy.git/commit
BUG/MINOR: quic: Possible crash in parse_retry_token()
We must check the decoded length of this incoming data before copying into our
internal structure. This could lead to crashes.
Reproduced with such a packet captured from QUIC interop.
{
0xc5, 0x00, 0x00, 0x00, 0x01, 0x12, 0xf2, 0x65,
0x4d, 0x9d, 0x58, 0x90, 0x23, 0x7e, 0x67, 0xef,
0xf8, 0xef, 0x5b, 0x87, 0x48, 0xbe, 0xde, 0x7a, /* corrupted byte: 0x11, */
0x01, 0xdc, 0x41, 0xbf, 0xfb, 0x07, 0x39, 0x9f,
0xfd, 0x96, 0x67, 0x5f, 0x58, 0x03, 0x57, 0x74,
0xc7, 0x26, 0x00, 0x45, 0x25, 0xdc, 0x7f, 0xf1,
0x22, 0x1d,
}
projects / thirdparty / haproxy.git / commit
