]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7e1cc0f) | patch
BUG/MAJOR: net_helper: ip.fp infinite loop on malformed tcp options
authorEmeric Brun <ebrun@haproxy.com>
Wed, 22 Apr 2026 12:45:09 +0000 (14:45 +0200)
committerWilly Tarreau <w@1wt.eu>
Wed, 22 Apr 2026 14:52:30 +0000 (16:52 +0200)
commitdbf471f99a3ac7d8446da2b9ddf5cfcee77fddde
treed4b67164633fb11a52b1dfb93ad8cb80497bf2adtree | snapshot
parent7e1cc0fcdbcace75a957a69fc8a4d991f7b30fdbcommit | diff
BUG/MAJOR: net_helper: ip.fp infinite loop on malformed tcp options

A malformed tcp option with an option length set to 0 can cause
an infinite loop on ip.fp converter.

The patch also forces the computation to use an unsigned char to
avoid a shift back during the parsing.

This fix should be backported on all versions including the ip.fp
converter.
src/net_helper.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git