From: Tim Duesterhus <tim@bastelstu.be>
Date: Fri, 25 Feb 2022 20:44:27 +0000 (+0100)
Subject: MINOR: connection: Transform safety check in PROXYv2 parsing into BUG_ON()
X-Git-Tag: v2.6-dev3~101
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17e6b737d7ca5beda02ae9991eb51a8697ae9d4f;p=thirdparty%2Fhaproxy.git

MINOR: connection: Transform safety check in PROXYv2 parsing into BUG_ON()

With BUG_ON() being enabled by default it is more useful to use a BUG_ON()
instead of an effectively never-taken if, as any incorrect assumptions will
become much more visible.

see 488ee7fb6 ("BUG/MAJOR: proxy_protocol: Properly validate TLV lengths")
---

diff --git a/src/connection.c b/src/connection.c
index f78028451c..c156d93132 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -1098,12 +1098,11 @@ int conn_recv_proxy(struct connection *conn, int flag)
 		}
 
 		/* Verify that the PROXYv2 header ends at a TLV boundary.
-		 * This is technically unreachable, because the TLV parsing already
-		 * verifies that a TLV does not exceed the total length and also
-		 * that there is space for a TLV header.
+		 * This is can not be true, because the TLV parsing already
+		 * verifies that a TLV does not exceed the total length and
+		 * also that there is space for a TLV header.
 		 */
-		if (tlv_offset != total_v2_len)
-			goto bad_header;
+		BUG_ON(tlv_offset != total_v2_len);
 
 		/* unsupported protocol, keep local connection address */
 		break;