From: Frédéric Lécaille
Date: Fri, 24 May 2019 12:34:34 +0000 (+0200)
Subject: BUG/MINOR: peers: Wrong stick-table update message building.
X-Git-Tag: v2.0-dev6~58
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e8db97df40787fc7ac7ae83a66e4bcc28a79394;p=thirdparty%2Fhaproxy.git

BUG/MINOR: peers: Wrong stick-table update message building.

When creating this patch "CLEANUP: peers: Replace hard-coded values by macros",
we realized there was a remaining place in peer_prepare_updatemsg() where the
maximum of an encoded length hardcoded value could be replaced by
PEER_MSG_ENCODED_LENGTH_MAXLEN macro. But in this case, the 1 hardcoded value
for the header length is wrong. Should be 2 or PEER_MSG_HEADER_LEN. So, there
is a missing byte to encode the length of remaining data after the header.

Note that the bug was never encountered because even with a missing byte, we
could encode a maximum length which would be (1<<25) (32MB) according to the
following extract of the peers protocol documentation, which was by far a
never reached limit I guess:

    I) Encoded Integer and Bitfield.

           0  <= X < 240        : 1 byte  (7.875 bits) [ XXXX XXXX ]
         240  <= X < 2288       : 2 bytes (11 bits)    [ 1111 XXXX ] [ 0XXX XXXX ]
        2288  <= X < 264432     : 3 bytes (18 bits)    [ 1111 XXXX ] [ 1XXX XXXX ]   [ 0XXX XXXX ]
      264432  <= X < 33818864   : 4 bytes (25 bits)    [ 1111 XXXX ] [ 1XXX XXXX ]*2 [ 0XXX XXXX ]
    33818864  <= X < 4328786160 : 5 bytes (32 bits)    [ 1111 XXXX ] [ 1XXX XXXX ]*3 [ 0XXX XXXX ]
---
diff --git a/src/peers.c b/src/peers.c index 9733e1bc0b..0795204e0d 100644 --- a/src/peers.c +++ b/src/peers.c @@ -406,7 +406,7 @@ static int peer_prepare_updatemsg(char *msg, size_t size, struct peer_prep_param use_identifier = p->updt.use_identifier; use_timed = p->updt.use_timed; - cursor = datamsg = msg + 1 + 5; + cursor = datamsg = msg + PEER_MSG_HEADER_LEN + PEER_MSG_ENC_LENGTH_MAXLEN; /* construct message */
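Review bot: The macro on the added line is PEER_MSG_ENC_LENGTH_MAXLEN, while the commit message calls it PEER_MSG_ENCODED_LENGTH_MAXLEN; please align the message with the name that actually exists so the fix can be found by grepping for it. Since this line moves datamsg from offset 6 to offset 7, a short comment next to it saying that the reserved prefix is the 2-byte header plus the longest encoded length would keep the two values from drifting apart again. The hunk also does not show whether size is compared against that 7-byte prefix before cursor is set, so it is worth confirming that the check exists further down and uses the same two macros rather than literals.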
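The length budget described in the commit message can be checked against the quoted table. The following C sketch is an added example, not HAProxy's code: `enc_int`, `dec_int`, `prefix_fits`, `HDR_LEN` and `ENC_MAXLEN` are hypothetical names, and the encoder is written from the table alone.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define HDR_LEN    2 /* header length the commit message gives (PEER_MSG_HEADER_LEN) */
#define ENC_MAXLEN 5 /* longest encoding in the quoted table (the 5 in the diff) */

/* Encode x per the quoted table. Returns bytes written, 0 if cap is too small. */
static size_t enc_int(uint64_t x, unsigned char *out, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return 0;
    if (x < 240) { out[0] = (unsigned char)x; return 1; } /* [ XXXX XXXX ] */
    out[n++] = (unsigned char)(x | 0xF0);                  /* [ 1111 XXXX ] */
    for (x = (x - 240) >> 4; x >= 128; x = (x - 128) >> 7) {
        if (n == cap) return 0;
        out[n++] = (unsigned char)(x | 0x80);              /* [ 1XXX XXXX ] */
    }
    if (n == cap) return 0;
    out[n++] = (unsigned char)x;                           /* [ 0XXX XXXX ] */
    return n;
}

/* Decode one integer from in[0..len). Returns bytes consumed, 0 if truncated. */
static size_t dec_int(const unsigned char *in, size_t len, uint64_t *x)
{
    size_t n = 0;
    int shift = 4;
    if (len == 0) return 0;
    *x = in[n++];
    if (*x < 240) return 1;
    do {
        if (n == len || shift >= 64) return 0;
        *x += (uint64_t)in[n] << shift;
        shift += 7;
    } while (in[n++] >= 128);
    return n;
}

/* Do header + encoded data length fit in `reserved` bytes placed before the data? */
static int prefix_fits(size_t reserved, uint64_t datalen)
{
    unsigned char tmp[ENC_MAXLEN];
    size_t cap = reserved > HDR_LEN ? reserved - HDR_LEN : 0;
    return enc_int(datalen, tmp, cap < ENC_MAXLEN ? cap : ENC_MAXLEN) != 0;
}

int main(void)
{
    printf("1+5: %d  2+5: %d\n", prefix_fits(1 + 5, 33818864), prefix_fits(HDR_LEN + ENC_MAXLEN, 33818864));
    return 0;
}
```

With the old `1 + 5` prefix only four bytes remain for the length after a 2-byte header, so 33818863 is the largest data length that fits; the corrected `2 + 5` prefix admits the full 5-byte range of the table.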