]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c7cc69a)
BUG/MAJOR: netscaler: address truncated CIP header detection
authorBertrand Jacquin <jacquinb@amazon.com>
Wed, 13 Dec 2017 00:53:33 +0000 (00:53 +0000)
committerWilly Tarreau <w@1wt.eu>
Wed, 20 Dec 2017 06:04:07 +0000 (07:04 +0100)
Buffer line is manually incremented in order to progress in the trash
buffer but calculation are made omitting this manual offset.

This leads to random packets being rejected with the following error:

  HTTP/1: Truncated NetScaler Client IP header received

Instead, once original IP header is found, use the IP header length
without considering the CIP encapsulation.

src/connection.c patch | blob | blame | history

diff --git a/src/connection.c b/src/connection.c
index c06babd926418644e30e9c7f018c6a9142fb97b6..e716e8046788c7957f05c27dc8406664ed767635 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -763,9 +763,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
                hdr_ip4 = (struct ip *)line;
 
-               if (trash.len < (8 + ntohs(hdr_ip4->ip_len))) {
+               if (trash.len < ntohs(hdr_ip4->ip_len)) {
                        /* Fail if buffer length is not large enough to contain
-                        * CIP magic, CIP length, IPv4 header */
+                        * IPv4 header */
                        goto missing;
                }
                else if (hdr_ip4->ip_p != IPPROTO_TCP) {
@@ -773,9 +773,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
                        conn->err_code = CO_ER_CIP_BAD_PROTO;
                        goto fail;
                }
-               else if (trash.len < (28 + ntohs(hdr_ip4->ip_len))) {
+               else if (trash.len < (20 + ntohs(hdr_ip4->ip_len))) {
                        /* Fail if buffer length is not large enough to contain
-                        * CIP magic, CIP length, IPv4 header, TCP header */
+                        * IPv4 header, TCP header */
                        goto missing;
                }
 
@@ -798,9 +798,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
                hdr_ip6 = (struct ip6_hdr *)line;
 
-               if (trash.len < 48) {
+               if (trash.len < 40) {
                        /* Fail if buffer length is not large enough to contain
-                        * CIP magic, CIP length, IPv6 header */
+                        * IPv6 header */
                        goto missing;
                }
                else if (hdr_ip6->ip6_nxt != IPPROTO_TCP) {
@@ -808,9 +808,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
                        conn->err_code = CO_ER_CIP_BAD_PROTO;
                        goto fail;
                }
-               else if (trash.len < 68) {
+               else if (trash.len < 60) {
                        /* Fail if buffer length is not large enough to contain
-                        * CIP magic, CIP length, IPv6 header, TCP header */
+                        * IPv6 header, TCP header */
                        goto missing;
                }
 
Mirror of https://github.com/haproxy/haproxy.git