From 74967f60ec137f2b6006b33dec8df5464f17cea7 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 30 Aug 2016 14:39:46 +0200 Subject: [PATCH] BUG/MINOR: payload: fix SSLv2 version parser A typo resulting from a copy-paste in the original req.ssl_ver code will make certain SSLv2 hello messages not properly detected. The bug has been present since the code was added in 1.3.16. In 1.3 and 1.4, this code was in proto_tcp.c. In 1.5-dev0, it moved to acl.c, then later to payload.c. This bug was tagged "minor" because SSLv2 is outdated and this encoding was rarely (if at all) used, the shorter form starting with 0x80 being more common. This fix needs to be backported to all currently maintained branches. --- src/payload.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/payload.c b/src/payload.c index 0cac555da..3a534c377 100644 --- a/src/payload.c +++ b/src/payload.c @@ -435,7 +435,7 @@ smp_fetch_req_ssl_ver(const struct arg *args, struct sample *smp, const char *kw /* long header format : 14 bits for length + pad length */ rlen = ((data[0] & 0x3F) << 8) | data[1]; plen = data[2]; - bleft -= 3; data += 2; + bleft -= 3; data += 3; } if (*data != 0x01)