mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-04 20:46:11 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation

Browse Source 
In hpack_encode_header() there is a length check to verify that a literal
header name fits in the buffer, but there it an off-by-one in this length
check, which forgets the byte required to mark the encoding type (literal
without indexing). It should be harmless though as it cannot be triggered
since response headers passing through haproxy are limited by the reserve,
which is not the case of the output buffer.

This fix should be backported to 1.8.
This commit is contained in:
Willy Tarreau 2018-12-11 06:46:03 +01:00
parent 56b0348ea7
commit 7571015939
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/hpack-enc.c
View File

@ -109,7 +109,7 @@ int hpack_encode_header(struct buffer *out, const struct ist n,
out->area[len++] = 0x58; // literal with indexing -- name="cache-control" (idx 24)
else if (isteq(n, ist("content-length")))
out->area[len++] = 0x5c; // literal with indexing -- name="content-length" (idx 28)
else if (len_to_bytes(n.len) && len + len_to_bytes(n.len) + n.len <= size) {
else if (len_to_bytes(n.len) && len + 1 + len_to_bytes(n.len) + n.len <= size) {
out->area[len++] = 0x00; /* literal without indexing -- new name */
len = hpack_encode_len(out->area, len, n.len);