From: Willy Tarreau <w@1wt.eu>
Date: Sat, 19 Jul 2014 04:37:33 +0000 (+0200)
Subject: BUG/MEDIUM: connection: fix proxy v2 header again!
X-Git-Tag: v1.6-dev1~346
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b9a0c9d4d083d749846d66f9bd4caabafe4ee78;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: connection: fix proxy v2 header again!

Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory corruption
when building a proxy v2 header") was wrong, using &cn_trash instead
of cn_trash resulting in a warning and the client's SSL cert CN not
being stored at the proper location.

Thanks to Lukas Tribus for spotting this quickly.

This should be backported to 1.5 after the patch above is backported.
---

diff --git a/src/connection.c b/src/connection.c
index 3435b1ac74..2dd2c024aa 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -684,7 +684,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
 			}
 			if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
 				cn_trash = get_trash_chunk();
-				if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
+				if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) {
 					tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
 					ssl_tlv_len += tlv_len;
 				}