648b0e7bea
convert_ecdsa_sig() calls i2d_ECDSA_SIG(ecdsa_sig, &p) where p points into signature->area, a trash chunk of tune.bufsize bytes (default 16384). i2d writes with no output bound. The raw R||S input can be up to bufsize bytes (filled by base64urldec at jwt.c:520-527), giving bignum_len up to 8192. The DER encoding adds a SEQUENCE header (2-4 bytes), two INTEGER headers (2-4 bytes each), and up to two leading-zero sign-padding bytes when the bignum high bit is set. With two 8192-byte bignums having the high bit set, the encoding is ~16398 bytes, overflowing the 16384- byte buffer by ~14 bytes. Triggered by any JWT with alg=ES256/384/512 and a ~21830-character base64url signature. The signature does not need to verify successfully; the overflow happens before verification. Reachable from any config using jwt_verify with an EC algorithm. Also fixes the existing wrong check: i2d returns -1 on error which became SIZE_MAX in the size_t signature->data, defeating the "== 0" test. This must be backported as far as JWT support exists. |
||
|---|---|---|
| .github | ||
| addons | ||
| admin | ||
| dev | ||
| doc | ||
| examples | ||
| include | ||
| reg-tests | ||
| scripts | ||
| src | ||
| tests | ||
| .cirrus.yml | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .travis.yml | ||
| BRANCHES | ||
| BSDmakefile | ||
| CHANGELOG | ||
| CONTRIBUTING | ||
| INSTALL | ||
| LICENSE | ||
| MAINTAINERS | ||
| Makefile | ||
| README.md | ||
| SUBVERS | ||
| VERDATE | ||
| VERSION | ||
HAProxy
HAProxy is a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.
Installation
The INSTALL file describes how to build HAProxy. A list of packages is also available on the wiki.
Getting help
The discourse and the mailing-list are available for questions or configuration assistance. You can also use the slack or IRC channel. Please don't use the issue tracker for these.
The issue tracker is only for bug reports or feature requests.
Documentation
The HAProxy documentation has been split into a number of different files for ease of use. It is available in text format as well as HTML. The wiki is also meant to replace the old architecture guide.
Please refer to the following files depending on what you're looking for:
- INSTALL for instructions on how to build and install HAProxy
- BRANCHES to understand the project's life cycle and what version to use
- LICENSE for the project's license
- CONTRIBUTING for the process to follow to submit contributions
The more detailed documentation is located into the doc/ directory:
- doc/intro.txt for a quick introduction on HAProxy
- doc/configuration.txt for the configuration's reference manual
- doc/lua.txt for the Lua's reference manual
- doc/SPOE.txt for how to use the SPOE engine
- doc/network-namespaces.txt for how to use network namespaces under Linux
- doc/management.txt for the management guide
- doc/regression-testing.txt for how to use the regression testing suite
- doc/peers.txt for the peers protocol reference
- doc/coding-style.txt for how to adopt HAProxy's coding style
- doc/internals for developer-specific documentation (not all up to date)
License
HAProxy is licensed under GPL 2 or any later version, the headers under LGPL 2.1. See the LICENSE file for a more detailed explanation.