The version of scm_rights receiving that I use in my programs will
eventually need to support multiple file descriptors, so the buffer is
larger. I had totally forgotten about the difference here :)
On 7/20/21 9:27 AM, Willy Tarreau wrote:
On Tue, Jul 20, 2021 at 03:04:05AM -0500, Peter Jin
On Tue, Jul 20, 2021 at 03:04:05AM -0500, Peter Jin wrote:
> Sorry, after analyzing the code again, it's not a security issue since the
> ancillary buffer can only hold one file descriptor.
No problem, it's better that way, and thanks for your detailed explanation!
Willy
Hi Peter,
first, thanks for bringing this here.
On Tue, Jul 20, 2021 at 01:13:58AM -0500, Peter Jin wrote:
> 1. The network namespace support seems to be a bit broken. In the function
> "my_socketat" (lines 114-129 of src/namespace.c in the latest dev branch),
> you attempt to first change
Hi Lukas,
On Tue, Jul 20, 2021 at 08:48:28AM +0200, Lukas Tribus wrote:
> Hello,
>
>
> On Tue, 20 Jul 2021 at 08:13, Peter Jin wrote:
> > 2. There is a stack buffer overflow found in one of the files. Not
> > disclosing it here because this email will end up on the public mailing
> > list. If
Sorry, after analyzing the code again, it's not a security issue since
the ancillary buffer can only hold one file descriptor. Forget
everything that I said and focus on #1 instead.
On 7/20/21 1:48 AM, Lukas Tribus wrote:
Hello,
On Tue, 20 Jul 2021 at 08:13, Peter Jin wrote:
2. There is
After analyzing the thing again, I don't think that it's such a big
security issue, or even a security issue at all, since it's not remotely
exploitable in any way and probably is very specific to how I'm using it
(I haven't found anyone else using it in the same way), so here it is:
On Tue, Jul 20, 2021 at 9:49 AM Lukas Tribus wrote:
> It's secur...@haproxy.org, it's somehow well hidden in doc/intro.txt
> (that is the *starter* guide).
>
> I would definitely suggest putting it on the website haproxy.org, and
> in the repository move it to a different file, like MAINTAINERS.
The security issue is not so critical (it's in a seldom-used protocol
family that isn't used unless it's explicitly written out in the config
file), and to the best of my knowledge (I searched for it on Google),
I'm the only one who seems to be using it. Should I disclose it here?
Also, I'm
Hello,
On Tue, 20 Jul 2021 at 08:13, Peter Jin wrote:
> 2. There is a stack buffer overflow found in one of the files. Not
> disclosing it here because this email will end up on the public mailing
> list. If there is a "security" email address I could disclose it to,
> what is it?
It's
Hi,
I was browsing the code of HAProxy today (I don't use it regularly, but
I still like to read the code since it might be useful for my own
applications), and I saw three things that concerned me:
1. The network namespace support seems to be a bit broken. In the
function "my_socketat"