mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 22:01:31 +02:00
Code Issues Projects Releases Wiki Activity
haproxy/src
History
Remi Tricot-Le Breton d4e3be18df BUG/MEDIUM: ssl: Fix crash in ocsp-update log function 
The ocsp-update logging mechanism was built around the 'sess_log'
function which required to keep a pointer to the said session until the
logging function could be called. This was made by keeping a pointer to
the appctx returned by the 'httpclient_start' function. But this appctx
lives its life on its own and might be destroyed before
'ssl_ocsp_send_log' is called, which could result in a crash (UAF).
Fixing this crash requires to stop using the 'sess_log' function to emit
the ocsp-update logs. The log line will then need to be built by hand
out of the information actually available when 'ssl_ocsp_send_log' is
called. Since we don't use the "regular" logging functions anymore, we
don't need to use the error_logformat anymore. In order to keep a
consistent behavior than before, we will keep the same format for the
logs but replace the fields that required a 'sess' pointer by fake
values (the %ci:%cp for instance, which was never filled anyway).

This crash was raised in GitHub issue #2442.
It should be backported up to branch 2.8.
2024-03-20 16:12:10 +01:00
..
acl.c
MINOR: acl: add extra diagnostics about suspicious string patterns
2024-02-03 12:08:11 +01:00
action.c
MINOR: support for http-request set-timeout client
2023-09-28 08:49:22 +02:00
activity.c
MINOR: activity: report profiling duration and age in "show profiling"
2023-11-14 11:46:37 +01:00
applet.c
BUG/MEDIUM: applet: Fix HTX .rcv_buf callback function to release outbuf buffer
2024-02-26 16:40:13 +01:00
arg.c
CLEANUP: arg: remove extra check in make_arg_list arg escaping
2022-11-22 16:27:52 +01:00
auth.c
MINOR: auth: silence null dereference warning in check_user()
2022-11-24 15:24:02 +01:00
backend.c
MINOR: session: rename private conns elements
2024-03-14 15:21:02 +01:00
base64.c
cache.c
MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
2024-02-14 15:41:04 +01:00
calltrace.c
BUG/MINOR: calltrace: fix 'now' being used in place of 'date'
2023-04-27 18:14:57 +02:00
cbuf.c
cfgcond.c
MINOR: protocol: move the global reuseport flag to the protocols
2023-04-23 09:46:15 +02:00
cfgdiag.c
cfgparse-global.c
MINOR: cfgparse: Add a global option to expose deprecated directives
2024-03-15 11:31:48 +01:00
cfgparse-listen.c
BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
2023-12-01 09:09:45 +01:00
cfgparse-quic.c
MINOR: quic: Dynamic packet reordering threshold
2024-02-14 11:32:29 +01:00
cfgparse-ssl.c
MEDIUM: ssl: allow to change the OpenSSL security level from global section
2024-03-12 17:37:11 +01:00
cfgparse-tcp.c
BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
2023-06-06 15:15:17 +02:00
cfgparse-unix.c
cfgparse.c
BUG/MINOR: cfgparse: report proper location for log-format-sd errors
2024-03-07 11:48:17 +01:00
channel.c
MINOR: tree-wide: Only rely on co_data() to check channel emptyness
2023-10-17 18:51:13 +02:00
check.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
chunk.c
MEDIUM: init: initialize the trash earlier
2023-09-08 16:25:19 +02:00
cli.c
BUG/MAJOR: cli: Restore non-interactive mode behavior with pipelined commands
2024-02-23 15:19:49 +01:00
clock.c
MINOR: clock: provide a function to automatically adjust now_offset
2023-05-17 09:33:54 +02:00
compression.c
MINOR: compression/slz: add support for a pure flush of pending bytes
2023-06-30 16:12:36 +02:00
connection.c
BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe
2024-03-20 14:26:57 +01:00
cpuset.c
REORG: cpuset: move parse_cpu_set() and parse_cpumap() to cpuset.c
2023-09-08 16:25:19 +02:00
debug.c
BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
2024-03-13 09:24:46 +01:00
dgram.c
MINOR: dgram: allow to set rcv/sndbuf for dgram sockets as well
2023-10-18 17:01:19 +02:00
dict.c
dns.c
MINOR: applet: Remove uselelss test on SE_FL_SHR/SHW flags
2024-02-14 14:22:36 +01:00
dynbuf.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
eb32sctree.c
eb32tree.c
eb64tree.c
ebimtree.c
ebistree.c
ebmbtree.c
ebpttree.c
ebsttree.c
ebtree.c
errors.c
BUG/MINOR: diag: always show the version before dumping a diag warning
2024-02-03 12:08:11 +01:00
ev_epoll.c
ev_evports.c
ev_kqueue.c
ev_poll.c
ev_select.c
event_hdl.c
LICENSE: event_hdl: fix GPL license version
2024-02-28 15:13:27 +01:00
extcheck.c
MINOR: ext-check: add an option to preserve environment variables
2023-11-23 16:53:57 +01:00
fcgi-app.c
CLEANUP: log: deinitialization of the log buffer in one function
2024-01-30 08:27:26 +01:00
fcgi.c
BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
2022-12-09 12:23:14 +01:00
fd.c
BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it.
2023-04-13 18:04:46 +02:00
filters.c
Revert "MINOR: filter: "filter" requires TCP or HTTP mode"
2023-11-18 11:16:21 +01:00
fix.c
flt_bwlim.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
flt_http_comp.c
BUG/MINOR: compression: possible NULL dereferences in comp_prepare_compress_request()
2023-11-29 08:59:27 +01:00
flt_spoe.c
BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
2024-03-19 07:54:25 +01:00
flt_trace.c
BUG/MINOR: trace: show wall-clock date, not internal date in show activity
2023-04-27 18:22:34 +02:00
freq_ctr.c
BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period
2023-11-08 16:38:06 +01:00
frontend.c
MINOR: frontend: implement a dedicated actconn increment function
2023-10-26 15:18:48 +02:00
h1_htx.c
BUG/MINOR: h1-htx: properly initialize the err_pos field
2024-01-31 15:22:12 +01:00
h1.c
CLEANUP: h1: remove unused function h1_measure_trailers()
2024-01-31 15:22:12 +01:00
h2.c
MINOR: h2: Set the BODYLESS_RESP flag on the HTX start-line if necessary
2023-10-17 18:51:13 +02:00
h3_stats.c
MEDIUM: stats: Be able to access a specific field into a stats module
2024-02-01 12:00:53 +01:00
h3.c
MINOR: mux-quic: realign Tx buffer if possible
2024-01-31 16:28:54 +01:00
haproxy.c
MINOR: cfgparse: Add a global option to expose deprecated directives
2024-03-15 11:31:48 +01:00
hash.c
BUILD: hash: use __fallthrough in hash_djb2()
2022-11-14 11:14:02 +01:00
hlua_fcn.c
MEDIUM: server: make server_set_inetaddr() updater serializable
2023-12-21 14:22:27 +01:00
hlua.c
BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
2024-03-13 09:24:46 +01:00
hpack-dec.c
BUG/CRITICAL: http: properly reject empty http header field names
2023-02-14 08:48:54 +01:00
hpack-enc.c
hpack-huff.c
BUG/MEDIUM: hpack: fix incorrect huffman decoding of some control chars
2023-01-26 11:36:39 +01:00
hpack-tbl.c
hq_interop.c
MEDIUM: mux-quic: properly handle conn Tx buf exhaustion
2024-01-31 16:28:54 +01:00
http_acl.c
http_act.c
CLEANUP: log: deinitialization of the log buffer in one function
2024-01-30 08:27:26 +01:00
http_ana.c
BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
2024-03-20 14:26:57 +01:00
http_client.c
CLEANUP: tree-wide: use proper ERR_* return values for PRE_CHECK fcts
2024-03-07 11:48:08 +01:00
http_conv.c
CLEANUP: assorted typo fixes in the code and comments
2023-04-01 18:33:40 +02:00
http_ext.c
LICENSE: http_ext: fix GPL license version
2024-02-28 15:13:35 +01:00
http_fetch.c
MEDIUM: htx/http-ana: No longer close connection on early HAProxy response
2024-02-28 16:02:33 +01:00
http_htx.c
CLEANUP: log: deinitialization of the log buffer in one function
2024-01-30 08:27:26 +01:00
http_rules.c
CLEANUP: log: deinitialization of the log buffer in one function
2024-01-30 08:27:26 +01:00
http.c
MEDIUM: http: add the ability to redefine http-err-codes and http-fail-codes
2024-01-11 15:10:08 +01:00
htx.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
init.c
jwt.c
MINOR: jwt: Add support for RSA-PSS signatures (PS256 algorithm)
2023-03-08 10:43:04 +01:00
lb_chash.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
lb_fas.c
lb_fwlc.c
lb_fwrr.c
lb_map.c
linuxcap.c
MEDIUM: capabilities: enable support for Linux capabilities
2023-08-29 11:11:50 +02:00
listener.c
BUG/MINOR: listener: Don't schedule frontend without task in listener_release()
2024-03-14 09:34:36 +01:00
log.c
CLEANUP: log: fix obsolete comment for add_sample_to_logformat_list()
2024-03-07 11:47:56 +01:00
lru.c
mailers.c
MINOR: mailers/hlua: disable email sending from lua
2023-05-05 16:28:32 +02:00
map.c
MINOR: map: add map_*_key converters to provide the matching key
2023-12-21 14:22:27 +01:00
mjson.c
BUILD: mjson: Fix warning about unused variables
2023-05-11 09:22:46 +02:00
mqtt.c
mux_fcgi.c
MINOR: session: rename private conns elements
2024-03-14 15:21:02 +01:00
mux_h1.c
MEDIUM: htx/http-ana: No longer close connection on early HAProxy response
2024-02-28 16:02:33 +01:00
mux_h2.c
MINOR: session: rename private conns elements
2024-03-14 15:21:02 +01:00
mux_pt.c
MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
2024-02-14 15:41:04 +01:00
mux_quic.c
BUG/MINOR: mux-quic: fix crash on aborting uni remote stream
2024-03-06 10:41:01 +01:00
mworker-prog.c
MEDIUM: clock: replace timeval "now" with integer "now_ns"
2023-04-28 16:08:08 +02:00
mworker.c
MINOR: mworker/cli: implement hard-reload over the master CLI
2023-11-24 21:44:25 +01:00
namespace.c
BUG/MINOR: namespace: missing free in netns_sig_stop()
2023-06-14 11:27:29 +02:00
ncbuf.c
MINOR: ncbuf: missing malloc checks in standalone code
2023-05-12 09:45:30 +02:00
pattern.c
MINOR: map: mapfile ordering also matters for tree-based match types
2024-01-11 11:13:54 +01:00
payload.c
MEDIUM: tree-wide: fetches that may return IPV4+IPV6 now return ADDR
2023-07-03 16:32:01 +02:00
peers.c
MINOR: applet: Remove uselelss test on SE_FL_SHR/SHW flags
2024-02-14 14:22:36 +01:00
pipe.c
pool.c
BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
2024-02-10 12:38:40 +01:00
proto_quic.c
CLEANUP: Re-apply xalloc_size.cocci (3)
2023-11-06 20:49:56 +01:00
proto_rhttp.c
CLEANUP: assorted typo fixes in the code and comments
2024-01-02 10:19:48 +01:00
proto_sockpair.c
MEDIUM: proto: duplicate receivers marked RX_F_MUST_DUP
2023-04-21 17:41:26 +02:00
proto_tcp.c
MINOR: protocol: move the global reuseport flag to the protocols
2023-04-23 09:46:15 +02:00
proto_udp.c
MEDIUM: udp: allow to retrieve the frontend destination address
2024-01-02 11:44:42 +01:00
proto_uxdg.c
MINOR: proto_ux: ability to dump ABNS names in error messages
2023-02-23 15:05:05 +01:00
proto_uxst.c
MINOR: proto: skip socket setup for duped FDs
2023-04-21 17:41:26 +02:00
protocol.c
MINOR: quic+openssl_compat: Do not start without "limited-quic"
2023-08-17 15:44:03 +02:00
proxy.c
BUG/MEDIUM: server: fix dynamic servers initial settings
2024-02-27 17:02:20 +01:00
qmux_http.c
MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS
2023-12-21 15:42:08 +01:00
qmux_trace.c
MEDIUM: mux-quic: simplify sending API
2024-01-31 16:28:54 +01:00
qpack-dec.c
BUG/MINOR: qpack: reject invalid dynamic table capacity
2024-02-15 17:46:53 +01:00
qpack-enc.c
BUG/MEDIUM: qpack: allow 6xx..9xx status codes
2024-01-29 15:40:19 +01:00
qpack-tbl.c
CLEANUP: qpack: properly use the QPACK macros not HPACK ones in debug code
2022-11-24 15:38:26 +01:00
queue.c
MEDIUM: clock: replace timeval "now" with integer "now_ns"
2023-04-28 16:08:08 +02:00
quic_ack.c
BUILD: quic: Variable name typo inside a BUG_ON().
2024-02-05 14:31:21 +01:00
quic_cc_cubic.c
CLEANUP: assorted typo fixes in the code and comments
2024-03-05 11:50:34 +01:00
quic_cc_newreno.c
REORG: quic: Move QUIC path definitions/declarations to quic_cc module
2023-11-28 15:37:50 +01:00
quic_cc_nocc.c
REORG: quic: Move QUIC path definitions/declarations to quic_cc module
2023-11-28 15:37:50 +01:00
quic_cc.c
quic_cid.c
CLEANUP: quic_cid: remove unused listener arg
2023-11-30 15:04:27 +01:00
quic_cli.c
CLEANUP: assorted typo fixes in the code and comments
2024-03-18 19:54:33 +01:00
quic_conn.c
MINOR: quic: simplify rescheduling for handshake
2024-03-11 14:15:36 +01:00
quic_fctl.c
MINOR: mux-quic: define a flow control related type
2024-01-31 16:28:54 +01:00
quic_frame.c
BUG/MINOR: quic: reject unknown frame type
2024-02-15 17:04:17 +01:00
quic_loss.c
MINOR: quic: Add a counter for reordered packets
2024-02-14 11:32:29 +01:00
quic_openssl_compat.c
BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
2024-01-16 10:17:27 +01:00
quic_retransmit.c
REORG: quic: Add a new module for retransmissions
2023-11-28 15:47:18 +01:00
quic_retry.c
REORG: quic: Add a new module for QUIC retry
2023-11-28 15:47:18 +01:00
quic_rx.c
MINOR: quic: remove qc_treat_rx_crypto_frms()
2024-03-11 14:27:51 +01:00
quic_sock.c
BUG/MEDIUM: quic: fix connection freeze on post handshake
2024-03-06 10:39:57 +01:00
quic_ssl.c
MEDIUM: ssl: allow to change the OpenSSL security level from global section
2024-03-12 17:37:11 +01:00
quic_stats.c
MEDIUM: stats: Be able to access a specific field into a stats module
2024-02-01 12:00:53 +01:00
quic_stream.c
MEDIUM: mux-quic: properly handle conn Tx buf exhaustion
2024-01-31 16:28:54 +01:00
quic_tls.c
MINOR: quic: always use ncbuf for rx CRYPTO
2024-03-08 17:22:48 +01:00
quic_tp.c
MINOR: quic: Transport parameters encoding without version_information
2024-01-23 16:03:29 +01:00
quic_trace.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
quic_tx.c
REORG: quic: Add a new module for retransmissions
2023-11-28 15:47:18 +01:00
raw_sock.c
MEDIUM: raw-sock: Specifiy amount of data to send via snd_pipe callback
2023-10-17 18:51:13 +02:00
regex.c
resolvers.c
CLEANUP: tree-wide: use proper ERR_* return values for PRE_CHECK fcts
2024-03-07 11:48:08 +01:00
ring.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
sample.c
MINOR: sample: add type_to_smp() helper function
2024-02-20 15:18:39 +01:00
server_state.c
BUG/MINOR: server-state: Avoid warning on 'file not found'
2023-07-21 15:08:27 +02:00
server.c
BUG/MAJOR: server: do not delete srv referenced by session
2024-03-14 15:21:07 +01:00
session.c
BUG/MAJOR: server: do not delete srv referenced by session
2024-03-14 15:21:07 +01:00
sha1.c
shctx.c
BUG/MINOR: shctx: Remove old HA_SPIN_INIT
2023-11-17 16:56:18 +01:00
signal.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
sink.c
OPTIM: sink: drop the sink lock used to count drops
2024-03-09 11:23:52 +01:00
slz.c
IMPORT: slz: implement a synchronous flush() operation
2023-06-30 16:12:36 +02:00
sock_inet.c
MINOR: protocol: move the global reuseport flag to the protocols
2023-04-23 09:46:15 +02:00
sock_unix.c
BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them
2023-11-20 11:38:26 +01:00
sock.c
MEDIUM: tcp-act/backend: support for set-bc-{mark,tos} actions
2024-02-01 10:58:30 +01:00
ssl_ckch.c
BUG/MAJOR: ocsp: Separate refcount per instance and per store
2024-03-20 16:12:10 +01:00
ssl_crtlist.c
BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
2024-02-27 18:10:43 +01:00
ssl_gencert.c
MEDIUM: ssl: allow to change the OpenSSL security level from global section
2024-03-12 17:37:11 +01:00
ssl_ocsp.c
BUG/MEDIUM: ssl: Fix crash in ocsp-update log function
2024-03-20 16:12:10 +01:00
ssl_sample.c
BUG/MINOR: ssl: do not set the aead_tag flags in sample_conv_aes_gcm()
2024-03-11 19:20:44 +01:00
ssl_sock.c
BUG/MAJOR: ocsp: Separate refcount per instance and per store
2024-03-20 16:12:10 +01:00
ssl_utils.c
BUILD: ssl: ssl_c_r_dn fetches uses functiosn only available since 1.1.1
2023-05-15 12:07:52 +02:00
stats.c
BUG/MINOR: stats: drop srv refcount on early release
2024-02-22 18:24:35 +01:00
stconn.c
BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
2024-02-14 15:41:02 +01:00
stick_table.c
CLEANUP: fix typo in naming for variable "unused"
2024-03-05 11:50:34 +01:00
stream.c
BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
2024-03-13 09:24:46 +01:00
task.c
CLEANUP: assorted typo fixes in the code and comments
2023-11-23 16:23:14 +01:00
tcp_act.c
MEDIUM: tcp-act/backend: support for set-bc-{mark,tos} actions
2024-02-01 10:58:30 +01:00
tcp_rules.c
MINOR: log/backend: prevent tcp-{request,response} use with LOG mode
2023-11-18 11:16:21 +01:00
tcp_sample.c
MINOR: sample: accept_date / request_date return %Ts / %tr timestamp values
2023-07-24 17:12:29 +02:00
tcpcheck.c
CLEANUP: log: deinitialization of the log buffer in one function
2024-01-30 08:27:26 +01:00
thread.c
MEDIUM: cache: Use dedicated cache tree lock alongside shctx lock
2023-11-16 19:35:10 +01:00
time.c
tools.c
MINOR: tools: use public interface for FreeBSD get_exec_path()
2024-03-11 19:00:37 +01:00
trace.c
MINOR: session: rename private conns elements
2024-03-14 15:21:02 +01:00
uri_auth.c
uri_normalizer.c
vars.c
MINOR: vars: export var_set and var_unset functions
2024-03-08 17:20:43 +01:00
version.c
wdt.c
BUG/MEDIUM: wdt: fix wrong thread being checked for sleeping
2023-02-17 16:01:34 +01:00
xprt_handshake.c
xprt_quic.c
BUG/MEDIUM: quic: fix connection freeze on post handshake
2024-03-06 10:39:57 +01:00