]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e375f10) | patch
BUG/MINOR: net_helper: fix length controls on ip.fp tcp options parsing
authorEmeric Brun <ebrun@haproxy.com>
Wed, 25 Mar 2026 16:39:21 +0000 (17:39 +0100)
committerWilly Tarreau <w@1wt.eu>
Mon, 30 Mar 2026 16:10:29 +0000 (18:10 +0200)
commita336c467a04ab8fc7441d01b4004fb28ce1921f0
treeb0e956a3a66a4c9d205b3af5d39ece102585a8f0tree | snapshot
parente375f1061a1ff0ea38ff473ec6ef45bbc714b921commit | diff
BUG/MINOR: net_helper: fix length controls on ip.fp tcp options parsing

If opt len is truncated by tcplen we may read 1 Byte after the
tcp header.

There is also missing controls parsing MSS and WS we may compute
invalid values on fingerprint reading after the tcp header in
case of truncated options.

This patch should be backported on versions including ip.fp
src/net_helper.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git