update haproxy to 2.4.8
This commit is contained in:
parent
bd0ada7c19
commit
68131294c3
@ -1,65 +0,0 @@
|
||||
From 86f4f281efb933900ebcc4fdaef95f566382d907 Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Thu, 26 Aug 2021 16:23:37 +0200
|
||||
Subject: BUG/MAJOR: htx: fix missing header name length check in
|
||||
htx_add_header/trailer
|
||||
|
||||
Shachar Menashe for JFrog Security reported that htx_add_header() and
|
||||
htx_add_trailer() were missing a length check on the header name. While
|
||||
this does not allow to overwrite any memory area, it results in bits of
|
||||
the header name length to slip into the header value length and may
|
||||
result in forging certain header names on the input. The sad thing here
|
||||
is that a FIXME comment was present suggesting to add the required length
|
||||
checks :-(
|
||||
|
||||
The injected headers are visible to the HTTP internals and to the config
|
||||
rules, so haproxy will generally stay synchronized with the server. But
|
||||
there is one exception which is the content-length header field, because
|
||||
it is already deduplicated on the input, but before being indexed. As
|
||||
such, injecting a content-length header after the deduplication stage
|
||||
may be abused to present a different, shorter one on the other side and
|
||||
help build a request smuggling attack, or even maybe a response splitting
|
||||
attack.
|
||||
|
||||
As a mitigation measure, it is sufficient to verify that no more than
|
||||
one such header is present in any message, which is normally the case
|
||||
thanks to the duplicate checks:
|
||||
|
||||
http-request deny if { req.hdr_cnt(content-length) gt 1 }
|
||||
http-response deny if { res.hdr_cnt(content-length) gt 1 }
|
||||
|
||||
This must be backported to all HTX-enabled versions, hence as far as 2.0.
|
||||
In 2.3 and earlier, the functions are in src/htx.c instead.
|
||||
|
||||
Many thanks to Shachar for his work and his responsible report!
|
||||
|
||||
[wt: code is in src/htx.c in 2.3 and older]
|
||||
Signed-off-by: Willy Tarreau <w@1wt.eu>
|
||||
---
|
||||
src/htx.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/src/htx.c
|
||||
+++ b/src/htx.c
|
||||
@@ -859,7 +859,9 @@ struct htx_blk *htx_add_header(struct ht
|
||||
{
|
||||
struct htx_blk *blk;
|
||||
|
||||
- /* FIXME: check name.len (< 256B) and value.len (< 1MB) */
|
||||
+ if (name.len > 255 || value.len > 1048575)
|
||||
+ return NULL;
|
||||
+
|
||||
blk = htx_add_blk(htx, HTX_BLK_HDR, name.len + value.len);
|
||||
if (!blk)
|
||||
return NULL;
|
||||
@@ -878,7 +880,9 @@ struct htx_blk *htx_add_trailer(struct h
|
||||
{
|
||||
struct htx_blk *blk;
|
||||
|
||||
- /* FIXME: check name.len (< 256B) and value.len (< 1MB) */
|
||||
+ if (name.len > 255 || value.len > 1048575)
|
||||
+ return NULL;
|
||||
+
|
||||
blk = htx_add_blk(htx, HTX_BLK_TLR, name.len + value.len);
|
||||
if (!blk)
|
||||
return NULL;
|
||||
haproxy-2.4.8.tar.gz
45
haproxy.spec
@ -4,25 +4,21 @@
|
||||
%global _hardened_build 1
|
||||
|
||||
Name: haproxy
|
||||
Version: 2.2.16
|
||||
Release: 2
|
||||
Version: 2.4.8
|
||||
Release: 1
|
||||
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
|
||||
|
||||
License: GPLv2+
|
||||
URL: https://www.haproxy.org/
|
||||
Source0: https://www.haproxy.org/download/2.2/src/%{name}-%{version}.tar.gz
|
||||
Source0: https://www.haproxy.org/download/2.4/src/%{name}-%{version}.tar.gz
|
||||
Source1: %{name}.service
|
||||
Source2: %{name}.cfg
|
||||
Source3: %{name}.logrotate
|
||||
Source4: %{name}.sysconfig
|
||||
|
||||
Patch0001: CVE-2021-40346.patch
|
||||
|
||||
BuildRequires: gcc lua-devel pcre-devel zlib-devel openssl-devel systemd-devel systemd-units libatomic
|
||||
BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
%{?systemd_requires}
|
||||
|
||||
%package_help
|
||||
%description
|
||||
@ -38,16 +34,14 @@ use_regparm_opt=
|
||||
use_regparm_opt="USE_REGPARM=1"
|
||||
%endif
|
||||
|
||||
%make_build CPU="generic" TARGET="linux-glibc" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 \
|
||||
USE_LUA=1 USE_CRYPT_H=1 USE_SYSTEMD=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 ${use_regparm_opt} \
|
||||
ADDINC="%{optflags}" ADDLIB="%{__global_ldflags}" EXTRA_OBJS="contrib/prometheus-exporter/service-prometheus.o"
|
||||
%make_build CPU="generic" TARGET="linux-glibc" USE_OPENSSL=1 USE_PCRE2=1 USE_SLZ=1 \
|
||||
USE_LUA=1 USE_CRYPT_H=1 USE_SYSTEMD=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 USE_PROMEX=1 DEFINE=-DMAX_SESS_STKCTR=12 ${use_regparm_opt} \
|
||||
ADDINC="%{build_cflags}" ADDLIB="%{build_ldflags}"
|
||||
|
||||
pushd contrib/halog
|
||||
%make_build ${halog} OPTIMIZE="%{optflags} %{build_ldflags}"
|
||||
popd
|
||||
%make_build admin/halog/halog ADDINC="%{build_cflags}" ADDLIB="%{build_ldflags}"
|
||||
|
||||
pushd contrib/iprange
|
||||
%make_build iprange OPTIMIZE="%{optflags} %{build_ldflags}"
|
||||
pushd admin/iprange
|
||||
%make_build OPTIMIZE="%{build_cflags}" LDFLAGS="%{build_ldflags}"
|
||||
popd
|
||||
|
||||
%install
|
||||
@ -66,8 +60,9 @@ install -d -m 0755 .%{_localstatedir}/lib/haproxy
|
||||
install -d -m 0755 .%{_datadir}/haproxy
|
||||
popd
|
||||
|
||||
install -p -m 0755 ./contrib/halog/halog %{buildroot}%{_bindir}/halog
|
||||
install -p -m 0755 ./contrib/iprange/iprange %{buildroot}%{_bindir}/iprange
|
||||
install -p -m 0755 ./admin/halog/halog %{buildroot}%{_bindir}/halog
|
||||
install -p -m 0755 ./admin/iprange/iprange %{buildroot}%{_bindir}/iprange
|
||||
install -p -m 0755 ./admin/iprange/ip6range %{buildroot}%{_bindir}/ip6range
|
||||
install -p -m 0644 ./examples/errorfiles/* %{buildroot}%{_datadir}/haproxy
|
||||
|
||||
for httpfile in $(find ./examples/errorfiles/ -type f)
|
||||
@ -110,6 +105,7 @@ exit 0
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
|
||||
%{_bindir}/halog
|
||||
%{_bindir}/iprange
|
||||
%{_bindir}/ip6range
|
||||
%{_sbindir}/%{name}
|
||||
%{_unitdir}/%{name}.service
|
||||
%dir %{_localstatedir}/lib/haproxy
|
||||
@ -122,16 +118,19 @@ exit 0
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Sat Sep 18 yaoxin <yaoxin30@huawei.com> - 2.2.16-2
|
||||
* Tue Dec 07 2021 yanglu <yanglu72@huawei.com> - 2.4.8-1
|
||||
- update haproxy to 2.4.8
|
||||
|
||||
* Sat Sep 18 2021 yaoxin <yaoxin30@huawei.com> - 2.2.16-2
|
||||
- Fix CVE-2021-40346
|
||||
|
||||
* Mon Aug 30 yaoxin <yaoxin30@huawei.com> - 2.2.16-1
|
||||
* Mon Aug 30 2021 yaoxin <yaoxin30@huawei.com> - 2.2.16-1
|
||||
- Upgrade 2.2.16 to fix CVE-2021-39240
|
||||
|
||||
* Thu Aug 26 liwu <liwu13@huawei.com> - 2.2.1-2
|
||||
* Thu Aug 26 2021 liwu <liwu13@huawei.com> - 2.2.1-2
|
||||
- fix CVE-2021-39241,CVE-2021-39242
|
||||
|
||||
* Thu July 1 huanghaitao <huanghaitao8@huawei.com> - 2.2.1-1
|
||||
* Thu Jul 1 2021 huanghaitao <huanghaitao8@huawei.com> - 2.2.1-1
|
||||
- update to 2.2.1
|
||||
|
||||
* Tue Sep 15 2020 Ge Wang <wangge20@huawei.com> - 2.0.17-1
|
||||
|
||||
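Review bot: The new changelog entry `- update haproxy to 2.4.8` does not record that `Patch0001: CVE-2021-40346.patch` was dropped in the same change, so the removal of a security backport is not auditable from the spec history; presumably the upstream release already carries the htx header-length check that the deleted patch added, and the entry should say so, e.g. `- update haproxy to 2.4.8 (drop CVE-2021-40346.patch, fix included upstream)`. The rewritten `%make_build` line also adds `DEFINE=-DMAX_SESS_STKCTR=12`, which appears to raise the compile-time stick-counter limit, and replaces `USE_ZLIB=1` with `USE_SLZ=1`; neither build-behaviour change is mentioned in the changelog, and a second bullet line naming them would help reviewers distinguish the version bump from configuration changes. The `zlib-devel` and `systemd-units` drops from `BuildRequires` are consistent with those flag changes as far as the visible lines show.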