Re: [PATCH] CLEANUP: ssl: Clean up error handling

2019-11-25 Thread Willy Tarreau
On Mon, Nov 25, 2019 at 09:17:51PM +0100, Tim Düsterhus wrote: > Willy, > > On 25.11.19 at 17:57, Willy Tarreau wrote: > > I agree that it's cleaner this way, however it then uncovers another > > issue which is that *if* ever called with a NULL err then it will leak > > memory. William said in

Re: [PATCH] CLEANUP: ssl: Clean up error handling

2019-11-25 Thread William Dauchy
On Mon, Nov 25, 2019 at 05:57:04PM +0100, Willy Tarreau wrote: > What I'd suggest instead as a better and more durable cleanup would be > to explicitly mention above the function's prototype that it must not > be called with a null err pointer, and remove all "if (err)" or "err &&" > tests so that

Re: [PATCH] CLEANUP: ssl: Clean up error handling

2019-11-25 Thread Tim Düsterhus
Willy, On 25.11.19 at 17:57, Willy Tarreau wrote: > I agree that it's cleaner this way, however it then uncovers another > issue which is that *if* ever called with a NULL err then it will leak > memory. William said in the issue discussion that the functions are not Will it actually leak

Re: [PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format arguments

2019-11-25 Thread Tim Düsterhus
William, On 25.11.19 at 08:57, William Lallemand wrote: > Merged, Thanks Tim. > > I removed the mention to the backport because it's in master only and mustn't > be backported. > When the other commit is not going to be backported either then that's okay :-) Thanks Tim Düsterhus

Re: [PATCH] CLEANUP: ssl: Clean up error handling

2019-11-25 Thread Willy Tarreau
On Sat, Nov 23, 2019 at 11:45:10PM +0100, Tim Duesterhus wrote: > This commit removes the explicit checks for `if (err)` before > passing `err` to `memprintf`. `memprintf` already checks itself > whether the `**out*` parameter is `NULL` before doing anything. > This reduces the indentation depth

[ANNOUNCE] haproxy-2.1.0

2019-11-25 Thread Willy Tarreau
Hi, HAProxy 2.1.0 was released on 2019/11/25. It added 45 new commits after version 2.1-dev5. As some might have noticed, the last week was quite calm except the last few days with a few unexpected bugs to deal with. But that's better than having bugs immediately after the release forcing a new

[ANNOUNCE] haproxy-1.8.23

2019-11-25 Thread Willy Tarreau
Hi, HAProxy 1.8.23 was released on 2019/11/25. It added 14 new commits after version 1.8.22. This version is mostly aimed at addressing the header name encoding issue in HTTP/2. In addition it fixes a corner case where a listener may loop eating CPU when reaching the frontend/process' connection

[ANNOUNCE] haproxy-1.9.13

2019-11-25 Thread Willy Tarreau
Hi, HAProxy 1.9.13 was released on 2019/11/25. It added 39 new commits after version 1.9.12. It addresses the same security issues as announced in 2.0.10: - The first one, found by Tim Düsterhus, lets an attacker pass control characters into header fields, leading to a possibility of content

[ANNOUNCE] haproxy-2.0.10

2019-11-25 Thread Willy Tarreau
Hi, HAProxy 2.0.10 was released on 2019/11/25. It added 37 new commits after version 2.0.9. This version addresses two potential security issues in the H2 decoder. The first one, found by Tim Düsterhus, lets an attacker pass control characters into header fields, leading to a possibility of

Re: [PATCH] MINOR: contrib/prometheus-exporter: decode parameter and value only

2019-11-25 Thread Christopher Faulet
On 23/11/2019 at 20:38, William Dauchy wrote: we were decoding all substring and then parsing; this could lead to consider & and = in decoding result as delimiters where it should not. this patch reverses the order by first parsing and then decoding each key and value separately. This patch

Re: [PATCH v2] CLEANUP: ssl: check if a transaction exists once before setting it

2019-11-25 Thread William Lallemand
On Sun, Nov 24, 2019 at 03:04:20PM +0100, William Dauchy wrote: > trivial patch to fix issue #351 > > Fixes: bc6ca7ccaa72 ("MINOR: ssl/cli: rework 'set ssl cert' as 'set/commit'") > Reported-by: Илья Шипицин > Signed-off-by: William Dauchy > --- > src/ssl_sock.c | 2 +- > 1 file changed, 1