mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-23 23:01:24 +02:00
b1a2faf7c9
Commit a1cc38 introduced a regression which was easy to trigger till ad4cd58 (snapshots 20120222 to 20120311 included). The bug was still present after that but harder to trigger. The bug is caused by the use of two distinct log buffers due to intermediary changes. The issue happens when an HTTP request is logged just after a TCP request during the same second and the HTTP request is too large for the buffer. In this case, it happens that the HTTP request is logged into the TCP buffer instead and that length controls can't detect anything. Starting with bddd4f, the issue is still possible when logging too large an HTTP request just after a send_log() call (typically a server status change). We owe a big thanks to Sander Klein for testing several snapshots and more specifically for taking significant risks in production by letting the buggy version crash several times in order to provide an exploitable core ! The bug could not have been found without this precious help. Thank you Sander ! This fix does not need to be backported, it did not affect any released version.