From 66b00543c5d7b1024fd6dea8155350793676ec8e Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 28 Apr 2026 03:56:35 +0200 Subject: [PATCH] BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx() HPACK indices start at 1, so idx=0 is invalid. The function only checked the upper bound before, allowing idx=0 to pass as valid. This is harmless as the code properly checks for existing name and values everywhere, but then due to the call to hpack_idx_to_phdr(), index 0 will be taken for :authority. Let's just make sure it's never zero. This can be backported. --- include/haproxy/hpack-tbl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/haproxy/hpack-tbl.h b/include/haproxy/hpack-tbl.h index 02cf7db54..becabf21b 100644 --- a/include/haproxy/hpack-tbl.h +++ b/include/haproxy/hpack-tbl.h @@ -78,7 +78,7 @@ static inline const struct hpack_dte *hpack_get_dte(const struct hpack_dht *dht, /* returns non-zero if is valid for table */ static inline int hpack_valid_idx(const struct hpack_dht *dht, uint32_t idx) { - return idx < dht->used + HPACK_SHT_SIZE; + return idx > 0 && idx < dht->used + HPACK_SHT_SIZE; } /* return a pointer to the header name for entry . */