mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-02-05 01:11:51 +01:00
488ee7fb6e
This patch fixes PROXYv2 parsing when the payload of the TCP connection is fused with the PROXYv2 header within a single recv() call. Previously HAProxy ignored the PROXYv2 header length when attempting to parse the TLV, possibly interpreting the first byte of the payload as a TLV type. This patch adds proper validation. It ensures that: 1. TLV parsing stops when the end of the PROXYv2 header is reached. 2. TLV lengths cannot exceed the PROXYv2 header length. 3. The PROXYv2 header ends together with the last TLV, not allowing for "stray bytes" to be ignored. A reg-test was added to ensure proper behavior. This patch tries to find the sweat spot between a small and easily backportable one, and a cleaner one that's more easily adaptable to older versions, hence why it merges the "if" and "while" blocks which causes a reindent of the whole block. It should be used as-is for versions 1.9 to 2.1, the block about PP2_TYPE_AUTHORITY should be dropped for 2.0 and the block about CRC32C should be dropped for 1.8. This bug was introduced when TLV parsing was added. This happened in commit b3e54fe387c7c1ea750f39d3029672d640c499f9. This commit was first released with HAProxy 1.6-dev1. A similar issue was fixed in commit 7209c204bd6f3c49132264c7a58f689cdc741c12. This patch must be backported to HAProxy 1.6+.
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)