mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-10-27 14:41:28 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: always clear the remains of the first hello for the second one

Browse Source 
William rightfully pointed that despite the ssl capture being a
structure, some of its entries are only set for certain contents,
so we need to always zero it before using it so as to clear any
remains of a previous use, otherwise we could possibly report some
entries that were only present in the first hello and not the second
one. No need to clear the data though, since any remains will not be
referenced by the fields.

This must be backported wherever commit 336170007c ("BUG/MEDIUM: ssl:
take care of second client hello") is backported.
This commit is contained in:
Willy Tarreau 2025-10-09 18:47:54 +02:00
parent 336170007c
commit 54f0ab08b8
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl_sock.c
View File

@ -1948,9 +1948,11 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int
*/
capture = SSL_get_ex_data(ssl, ssl_capture_ptr_index);
if (!capture)
capture = pool_zalloc(pool_head_ssl_capture);
capture = pool_alloc(pool_head_ssl_capture);
if (!capture)
return;
memset(capture, 0, sizeof(*capture));
/* Compute the xxh64 of the ciphersuite. */
capture->xxh64 = XXH64(msg, rec_len, 0);