Here is the corrected (and retested) :-) patch.
Commit comment: Use temporary trash chunk, instead of global trash chunk in
make_proxy_line_v2() to avoid memory overwrite.
--Dave
On Thu, Jul 17, 2014 at 4:17 AM, Willy Tarreau <[email protected]> wrote:
> On Wed, Jul 16, 2014 at 11:50:30PM -0400, Dave McCowan wrote:
> > Hi Willy,
> >
> > <blush> Yes, I changed my variable names after testing to clean up and
> > failed.
> > Is my obvious corrected patch the correct fix?
>
> Yes I think so.
>
> > Or should we clamp down on the use of global chunks being passed
> downstream?
>
> Don't try to fix everything around, I find your fix the most durable one.
> Please simply resend it fixed, it's easier for me to track changes, and for
> anyone else to review and comment if needed.
>
> Thanks,
> Willy
>
>
>
diff --git a/src/connection.c b/src/connection.c
index 20a911b..3435b1a 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct
server *srv, struct connec
char *value = NULL;
struct tlv_ssl *tlv;
int ssl_tlv_len = 0;
+ struct chunk *cn_trash;
#endif
if (buf_len < PP2_HEADER_LEN)
@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct
server *srv, struct connec
tlv->verify =
htonl(ssl_sock_get_verify_result(remote));
}
if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
- if (ssl_sock_get_remote_common_name(remote,
&trash) > 0) {
- tlv_len =
make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN,
trash.len, trash.str);
+ cn_trash = get_trash_chunk();
+ if (ssl_sock_get_remote_common_name(remote,
&cn_trash) > 0) {
+ tlv_len =
make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN,
cn_trash->len, cn_trash->str);
ssl_tlv_len += tlv_len;
}
}
