mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-22 14:21:25 +02:00
dfda884633
This issue could be reproduced with a TLS client certificate verificatio to generate enough CRYPTO data between the client and haproxy and with dev/udp/udp-perturb as network perturbator. Haproxy could crash thanks to a BUG_ON() call as soon as in disorder data were bufferized into a non-contiguous buffer. There is no need to pass a non NULL non-contiguous to qc_ssl_provide_quic_data() from qc_ssl_provide_all_quic_data() which handles in order CRYPTO data which have not been bufferized. If not, the first call to qc_ssl_provide_quic_data() to process the first block of in order data leads the non-contiguous buffer head to be advanced to a wrong offset, by <len> bytes which is the length of the in order CRYPTO frame. This is detected by a BUG_ON() as follows: FATAL: bug condition "ncb_ret != NCB_RET_OK" matched at src/quic_ssl.c:620 call trace(11): | 0x5631cc41f3cc [0f 0b 8b 05 d4 df 48 00]: qc_ssl_provide_quic_data+0xca7/0xd78 | 0x5631cc41f6b2 [89 45 bc 48 8b 45 b0 48]: qc_ssl_provide_all_quic_data+0x215/0x576 | 0x5631cc3ce862 [48 8b 45 b0 8b 40 04 25]: quic_conn_io_cb+0x19a/0x8c2 | 0x5631cc67f092 [e9 1b 02 00 00 83 45 e4]: run_tasks_from_lists+0x498/0x741 | 0x5631cc67fb51 [89 c2 8b 45 e0 29 d0 89]: process_runnable_tasks+0x816/0x879 | 0x5631cc625305 [8b 05 bd 0c 2d 00 83 f8]: run_poll_loop+0x8b/0x4bc | 0x5631cc6259c0 [48 8b 05 b9 ac 29 00 48]: main-0x2c6 | 0x7fa6c34a2ea7 [64 48 89 04 25 30 06 00]: libpthread:+0x7ea7 | 0x7fa6c33c2a2f [48 89 c7 b8 3c 00 00 00]: libc:clone+0x3f/0x5a Thank you to @Tristan971 for having reported this issue in GH #2095. No need to backport.
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)