Hi all,

I recently got access to a new static analysis tool and have been using it on the Linux kernel and a few other projects. I figured it would be good to see what it thought about the haproxy codebase and so here are the results of some of its findings, in patch form.

Note, my knowledge of haproxy is _very_ slim, I have verified that these build properly on a Linux target system, and I did my best at descriptions based on the tool output of what it thought might be wrong. But the results need to be checked by someone who understands this codebase, and can actually test that nothing broke :)

If there is anything that I can do to help answer questions about these, or any revisions that might be needed (i.e. I messed up some coding style or other issues I have overlooked), please let me know.

Also, I didn't "grade" any of these bugs as I can't really determine the severity of them, but these seemed like the "biggest" issues found at first pass (I have some more that I can send after this that felt more minor to me, but again, my judgement might be totally wrong here...)

thanks,

greg k-h

Greg Kroah-Hartman (10):
  BUG: peers: fix OOB heap write in dictionary cache update
  BUG: hlua: fix stack overflow in httpclient headers conversion
  BUG: payload: validate SNI name_len in req.ssl_sni
  BUG: jwe: fix NULL deref crash with empty CEK and non-dir alg
  BUG: chunk: fix typo allocating small trash with bufsize_large
  BUG: chunk: fix infinite loop in get_larger_trash_chunk()
  BUG: jwt: fix heap overflow in ECDSA signature DER conversion
  BUG: hlua: fix format-string vulnerability in Patref error path
  BUG: compression: fix heap overflow from SLZ output expansion
  BUG: jwe: fix memory leak in jwt_decrypt_secret with var argument

 src/chunk.c         |  4 ++--
 src/flt_http_comp.c | 14 ++++++++++++--
 src/hlua.c          |  5 +++++
 src/hlua_fcn.c      |  6 +++---
 src/jwe.c           |  5 +++++
 src/jwt.c           | 15 +++++++++++----
 src/payload.c       |  3 +++
 src/peers.c         |  8 ++++----
 8 files changed, 45 insertions(+), 15 deletions(-)

-- 
2.53.0

