Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_sid…
…e_cookies
Ensure calls to http_find_header() terminate. If a "Set-Cookie2"
header is found then the while(1) loop in
http_manage_server_side_cookies() will never terminate, resulting in
the watchdog firing and the process terminating via SIGABRT.
The while(1) loop becomes unbounded because an unmatched call to
http_find_header("Set-Cookie") will leave ctx->blk=NULL. Subsequent
calls to check for "Set-Cookie2" will now enumerate from the beginning
of all the blocks and will once again match on subsequent
passes (assuming a match first time around), hence the loop becoming
unbounded.
This issue was introduced with HTX and this fix should be backported
to all versions supporting HTX.
Many thanks to Grant Spence (gspence@redhat.com) for working through
this issue with me.- Loading branch information
bfb15abThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@frobware @wtarreau any plan to backport this in a stable haproxy release (2.4 or 2.5)?
Thanks.
bfb15abThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The fix was backported in all affected versions. Last 2.5 and 2.4 releases include it. It is also true for last 2.3 and 2.2 releases. The next 2.0 will ship it too. It will be released this week.
bfb15abThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tcherel that was done a month ago already (2.4.13 and 2.5.2). If you're running on up-to-date versions (2.4.14 or 2.5.4), you already have it.
bfb15abThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Totally missed that, sorry.
Thanks a lot.