git.ipfire.org Git - thirdparty/haproxy.git/commit

]> git.ipfire.org Git - thirdparty/haproxy.git/commit

projects / thirdparty / haproxy.git / commit

author	Christopher Faulet <cfaulet@haproxy.com>
	Mon, 1 Jun 2026 13:25:32 +0000 (15:25 +0200)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Mon, 1 Jun 2026 13:39:43 +0000 (15:39 +0200)
commit	4a540a4fb7b148a8d7d32a8b5434fc51e5dd6bcd
tree	3e5fe498c83c5dd5061b2a810c09dc902f1184df	tree \| snapshot
parent	b8543c54d45e769d7aea0397cbc0124cd6b2420d	commit \| diff

BUG/MINOR: mux-spop: Fix possible off-by-one OOB read in spop_get_varint()

In spop_get_varint(), -1 is returned if there is not enough data in the
buffer to decode the variable integer. However a strict comparison agasint
b_data() was performed, which is wrong. A failure must be reported if the
index is greater or equal to b_data().

This patch must be backported as far as 3.2.

src/mux_spop.c

diff | blob | blame | history

Mirror of https://github.com/haproxy/haproxy.git

RSS Atom