Le 02/04/2015 23:35, Lukas Tribus a écrit :
Please provide the output of "haproxy -vv" of the 1.5.11 executable.
I guess you have an ABI problem between openssl 1.0.1 and 1.0.2.
I wonder if we are not seeing a case not covered by CVE-2015-0290 :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
And linking haproxy 1.5.11 against openssl 1.0.1 would bypass this new
1.0.2 feature for the time being. Likely that combination is safe.
Still, I'm really not sure it happens in the multiblock part.
And there's one thing I don't get : the gdb output shows an exit due to
a SIGPIPE (happening on a write call), but haproxy is supposed to catch
and ignore them.
John, can you describe how you generate the binaries (openssl and haproxy) ?
--
Cyril Bonté
