packages/haproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-0836

Browse Source 
(cherry picked from commit 0cc414c3d1814c055f53e561d72a26b5a6fc87d4)
This commit is contained in:
liningjie 2023-12-01 12:19:17 +08:00 committed by openeuler-sync-bot
parent 71c6d0617c
commit 49d44f471d
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
CVE-2023-0836.patch Normal file
View File

@ -0,0 +1,41 @@
From 2e6bf0a2722866ae0128a4392fa2375bd1f03ff8 Mon Sep 17 00:00:00 2001
From: Youfu Zhang <zhangyoufu@gmail.com>
Date: Fri, 9 Dec 2022 19:15:48 +0800
Subject: [PATCH] BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
The output buffer is not zero-initialized. If we don't clear reserved
bytes, fcgi requests sent to backend will leak sensitive data.
This patch must be backported as far as 2.2.
---
src/fcgi.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/fcgi.c b/src/fcgi.c
index dcf2db2..1d1a82b 100644
--- a/src/fcgi.c
+++ b/src/fcgi.c
@@ -47,7 +47,7 @@ int fcgi_encode_record_hdr(struct buffer *out, const struct fcgi_header *h)
out->area[len++] = ((h->len >> 8) & 0xff);
out->area[len++] = (h->len & 0xff);
out->area[len++] = h->padding;
- len++; /* rsv */
+ out->area[len++] = 0; /* rsv */
out->data = len;
return 1;
@@ -94,7 +94,11 @@ int fcgi_encode_begin_request(struct buffer *out, const struct fcgi_begin_reques
out->area[len++] = ((r->role >> 8) & 0xff);
out->area[len++] = (r->role & 0xff);
out->area[len++] = r->flags;
- len += 5; /* rsv */
+ out->area[len++] = 0; /* rsv */
+ out->area[len++] = 0;
+ out->area[len++] = 0;
+ out->area[len++] = 0;
+ out->area[len++] = 0;
out->data = len;
return 1;
--
1.7.10.4

6
haproxy.spec
View File

@ -5,7 +5,7 @@
Name: haproxy Name: haproxy
Version: 2.6.6 Version: 2.6.6
Release: 6 Release: 7
Summary: The Reliable, High Performance TCP/HTTP Load Balancer Summary: The Reliable, High Performance TCP/HTTP Load Balancer
License: GPLv2+ License: GPLv2+
@ -28,6 +28,7 @@ Patch8: backport-BUG-MEDIUM-connection-Preserve-flags-when-a-conn-is-.
Patch9: backport-BUG-MINOR-protocol-fix-minor-memory-leak-in-protocol.patch Patch9: backport-BUG-MINOR-protocol-fix-minor-memory-leak-in-protocol.patch
Patch10: backport-BUG-MEDIUM-stream-do-not-try-to-free-a-failed-stream.patch Patch10: backport-BUG-MEDIUM-stream-do-not-try-to-free-a-failed-stream.patch
Patch11: backport-BUG-MINOR-server-inherit-from-netns-in-srv_settings_.patch Patch11: backport-BUG-MINOR-server-inherit-from-netns-in-srv_settings_.patch
Patch12: CVE-2023-0836.patch
BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
%ifarch sw_64 %ifarch sw_64
@ -132,6 +133,9 @@ exit 0
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Fri Dec 1 2023 liningjie <liningjie@xfusion.com> - 2.6.6-7
- Fix CVE-2023-0836
* Wed Sep 27 2023 xinghe <xinghe2@h-partners.com> - 2.6.6-6 * Wed Sep 27 2023 xinghe <xinghe2@h-partners.com> - 2.6.6-6
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA