BUG/MINOR: acl: req_ssl_sni would randomly fail if a session ID is present

The wrong byte was checked for the session_id length in the payload. This
used to work when the session ID was absent because zero was found there,
but when a session ID is present, there is a 1/256 chance that the inspected
data contains 0x20 (the actual session ID length), so it fails.

Thanks to Emmanuel Bzagu for reporting this bug.

This bug does not need backporting; it is 1.5-specific.
Willy Tarreau 2012-04-09 09:24:11 +02:00
parent dc4d903640
commit d017f113c0
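To make the off-by-one concrete, here is an added example (not HAProxy's code) that parses the session_id_len field from a ClientHello body with both the fixed offset (34) and the pre-patch offset (35), over a constructed, minimal TLS 1.0 ClientHello. The builder, the `demo_case` helper and the cipher suite / compression fields it emits are assumptions of this example; only the byte layout and the `> 32 || > hs_len - 35` check come from the commit.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of a ClientHello *body* (the bytes after the 4-byte handshake
 * header), as documented in the commit's comment block:
 *   0..1   client_version (>= 0x0301)
 *   2..33  Random[32]
 *   34     session_id_len (0..32)
 *   35..   session_id[session_id_len], then cipher_suites, compression, ...
 */
#define CH_SID_LEN_OFF   34
#define CH_SID_OFF       35

/* Reads session_id_len from a ClientHello body at the given offset and
 * applies the same sanity checks as the patched acl_fetch_ssl_hello_sni().
 * Returns the length, or -1 when the hello is too short, is not TLSv1+,
 * or the length field is inconsistent with hs_len. */
static int sid_len_at(const uint8_t *data, size_t hs_len, size_t off)
{
    unsigned int len;

    if (hs_len <= off)
        return -1;
    if (data[0] < 0x03 || data[1] < 0x01)  /* TLSv1 minimum */
        return -1;
    len = data[off];
    /* the session ID itself starts at offset 35, so hs_len - 35 bytes remain */
    if (len > 32 || len > hs_len - CH_SID_OFF)
        return -1;
    return (int)len;
}

/* Fixed behaviour: the length byte sits right after the 32-byte Random. */
int ch_session_id_len(const uint8_t *data, size_t hs_len)
{
    return sid_len_at(data, hs_len, CH_SID_LEN_OFF);
}

/* Pre-patch behaviour: offset 35 is the first byte *of* the session ID. */
int ch_session_id_len_buggy(const uint8_t *data, size_t hs_len)
{
    return sid_len_at(data, hs_len, CH_SID_LEN_OFF + 1);
}

/* Builds a constructed, minimal TLS 1.0 ClientHello body into buf:
 * version, Random filled with 0x41, a session ID of sid_len bytes whose
 * first byte is sid_first, one cipher suite and one compression method.
 * Returns the body length (hs_len), or 0 if it does not fit. */
size_t build_client_hello(uint8_t *buf, size_t cap, unsigned sid_len, uint8_t sid_first)
{
    size_t n = 0;

    if (sid_len > 32 || cap < 41 + sid_len)
        return 0;
    buf[n++] = 0x03; buf[n++] = 0x01;        /* client_version: TLSv1.0 */
    memset(buf + n, 0x41, 32); n += 32;      /* Random[32] (constructed) */
    buf[n++] = (uint8_t)sid_len;             /* session_id_len at offset 34 */
    if (sid_len) {
        memset(buf + n, 0x42, sid_len);
        buf[n] = sid_first;                  /* first session ID byte: offset 35 */
        n += sid_len;
    }
    buf[n++] = 0x00; buf[n++] = 0x02;        /* cipher_suites length = 2 */
    buf[n++] = 0x00; buf[n++] = 0x2f;        /* TLS_RSA_WITH_AES_128_CBC_SHA */
    buf[n++] = 0x01; buf[n++] = 0x00;        /* one compression method: null */
    return n;
}

/* Builds a hello and parses it with the fixed (buggy == 0) or the
 * pre-patch (buggy != 0) index; returns what the parser reports,
 * or -2 when the hello could not be built. */
int demo_case(unsigned sid_len, uint8_t sid_first, int buggy)
{
    uint8_t buf[128];
    size_t hs_len = build_client_hello(buf, sizeof(buf), sid_len, sid_first);

    if (!hs_len)
        return -2;
    return buggy ? ch_session_id_len_buggy(buf, hs_len)
                 : ch_session_id_len(buf, hs_len);
}

int main(void)
{
    printf("no session ID:     fixed=%d buggy=%d\n", demo_case(0, 0, 0), demo_case(0, 0, 1));
    printf("32-byte ID, 0x77:  fixed=%d buggy=%d\n", demo_case(32, 0x77, 0), demo_case(32, 0x77, 1));
    printf("32-byte ID, 0x20:  fixed=%d buggy=%d\n", demo_case(32, 0x20, 0), demo_case(32, 0x20, 1));
    return 0;
}
```

With an empty session ID both versions report 0, because byte 35 is then the high byte of the cipher_suites length, which is zero for any realistic list; with a session ID present the old index reads whatever the client put in the first session ID byte, so the result depends on data the parser should not be looking at.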


@ -290,7 +290,7 @@ acl_fetch_req_ssl_ver(struct proxy *px, struct session *l4, void *l7, int dir,
* - uint24 length (handshake message length) * - uint24 length (handshake message length)
* - ClientHello : * - ClientHello :
* - uint16 client_version >= 0x0301 (TLSv1) * - uint16 client_version >= 0x0301 (TLSv1)
* - uint8 Random[32] * - uint8 Random[32] (4 first ones are timestamp)
* - SessionID : * - SessionID :
* - uint8 session_id_len (0..32) (SessionID len in bytes) * - uint8 session_id_len (0..32) (SessionID len in bytes)
* - uint8 session_id[session_id_len] * - uint8 session_id[session_id_len]
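Review bot: the added "(4 first ones are timestamp)" on the Random[32] line is correct for the TLS Random structure (a 32-bit gmt_unix_time followed by 28 random bytes), but as documentation the block would be more useful if it also spelled out the body offsets that follow from this layout (client_version at 0..1, Random at 2..33, session_id_len at 34), since that is exactly the offset corrected in acl_fetch_ssl_hello_sni below and a reader should be able to verify the index against this comment without recounting fields.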
@ -370,7 +370,7 @@ acl_fetch_ssl_hello_sni(struct proxy *px, struct session *l4, void *l7, int dir,
if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */ if (data[0] < 0x03 || data[1] < 0x01) /* TLSv1 minimum */
goto not_ssl_hello; goto not_ssl_hello;
ext_len = data[35]; ext_len = data[34]; /* session_id_len */
if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */ if (ext_len > 32 || ext_len > (hs_len - 35)) /* check for correct session_id len */
goto not_ssl_hello; goto not_ssl_hello;
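Review bot: the new index is consistent with the layout in the header comment (2 bytes client_version plus 32 bytes Random puts session_id_len at data[34]), and the unchanged `hs_len - 35` in the range check is still right because it counts the bytes that precede the session ID itself, which starts at data[35]. Two points remain: `ext_len` is a misleading name for a session ID length, and reading it into a local such as `sid_len` would make the `> 32` check self-explanatory instead of relying on the trailing comment; and the fix should be exercised with a ClientHello carrying a 32-byte session ID as well as one with an empty session ID, since the old index only produced the right value when the session ID was empty and byte 35 happened to be zero.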