7315428615
The varint hpack decoder supports unbounded numbers but returns 32-bit results. This means that possible truncation my happen on some field lengths or indexes that would be emitted as quantities that do not fit in a 32-bit number. The final value will also depend on how the left shift operation behaves on the target architecture (e.g. whether bits are lost or used modulo 31). This could lead to a desynchronization of the HPACK stream decoding compared to what an external observer would see (e.g. from a network traffic capture). However, there isn't any impact between streams, HPACK is performed at the connection level, not at the stream level, so no stream may try to leverage this limitation to have any effect on another one. For the fix, instead of adding checks everywhere in the loop and for the final stage, let's rewrite the decoder to compare the read value to a max value that is shifted by 7 bits for every 7 bits read. This allows a sender to continue to emit zeroes for higher bits without being blocked, while detecting that a received value would overflow. The loop is now simpler as it deals both with values with the higher bit set and the final ones, and stops once the final value was recorded. A test on non-zero before performing the shift was added to please ubsan, though in practice zero shifted by any quantity remains zero. But the test is cheap so that's OK. Thanks to Guillaume Meunier, Head of Vulnerability Operations Center France at Orange Cyberdefense, for reporting this bug. This should be backported to all stable versions. |
||
|---|---|---|
| .github | ||
| addons | ||
| admin | ||
| dev | ||
| doc | ||
| examples | ||
| include | ||
| reg-tests | ||
| scripts | ||
| src | ||
| tests | ||
| .cirrus.yml | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .travis.yml | ||
| BRANCHES | ||
| BSDmakefile | ||
| CHANGELOG | ||
| CONTRIBUTING | ||
| INSTALL | ||
| LICENSE | ||
| MAINTAINERS | ||
| Makefile | ||
| README.md | ||
| SUBVERS | ||
| VERDATE | ||
| VERSION | ||
HAProxy
HAProxy is a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.
Installation
The INSTALL file describes how to build HAProxy. A list of packages is also available on the wiki.
Getting help
The discourse and the mailing-list are available for questions or configuration assistance. You can also use the slack or IRC channel. Please don't use the issue tracker for these.
The issue tracker is only for bug reports or feature requests.
Documentation
The HAProxy documentation has been split into a number of different files for ease of use. It is available in text format as well as HTML. The wiki is also meant to replace the old architecture guide.
Please refer to the following files depending on what you're looking for:
- INSTALL for instructions on how to build and install HAProxy
- BRANCHES to understand the project's life cycle and what version to use
- LICENSE for the project's license
- CONTRIBUTING for the process to follow to submit contributions
The more detailed documentation is located into the doc/ directory:
- doc/intro.txt for a quick introduction on HAProxy
- doc/configuration.txt for the configuration's reference manual
- doc/lua.txt for the Lua's reference manual
- doc/SPOE.txt for how to use the SPOE engine
- doc/network-namespaces.txt for how to use network namespaces under Linux
- doc/management.txt for the management guide
- doc/regression-testing.txt for how to use the regression testing suite
- doc/peers.txt for the peers protocol reference
- doc/coding-style.txt for how to adopt HAProxy's coding style
- doc/internals for developer-specific documentation (not all up to date)
License
HAProxy is licensed under GPL 2 or any later version, the headers under LGPL 2.1. See the LICENSE file for a more detailed explanation.