packages/haproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!47 Fix CVE-2022-0711

Browse Source 
From: @starlet-dx 
Reviewed-by: @zhuchunyi 
Signed-off-by: @zhuchunyi
This commit is contained in:
openeuler-ci-bot 2022-03-11 06:13:27 +00:00 committed by Gitee
commit a67d40afc9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2022-0711.patch Normal file
View File

@ -0,0 +1,40 @@
From bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 Mon Sep 17 00:00:00 2001
From: Andrew McDermott <aim@frobware.com>
Date: Fri, 11 Feb 2022 18:26:49 +0000
Subject: [PATCH] BUG/MAJOR: http/htx: prevent unbounded loop in
http_manage_server_side_cookies
Ensure calls to http_find_header() terminate. If a "Set-Cookie2"
header is found then the while(1) loop in
http_manage_server_side_cookies() will never terminate, resulting in
the watchdog firing and the process terminating via SIGABRT.
The while(1) loop becomes unbounded because an unmatched call to
http_find_header("Set-Cookie") will leave ctx->blk=NULL. Subsequent
calls to check for "Set-Cookie2" will now enumerate from the beginning
of all the blocks and will once again match on subsequent
passes (assuming a match first time around), hence the loop becoming
unbounded.
This issue was introduced with HTX and this fix should be backported
to all versions supporting HTX.
Many thanks to Grant Spence (gspence@redhat.com) for working through
this issue with me.
---
src/http_ana.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/http_ana.c b/src/http_ana.c
index 715dd3a5c5..c2d9d9b439 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -3418,7 +3418,7 @@ static void http_manage_server_side_cookies(struct stream *s, struct channel *re
while (1) {
int is_first = 1;
- if (!http_find_header(htx, ist("Set-Cookie"), &ctx, 1)) {
+ if (is_cookie2 || !http_find_header(htx, ist("Set-Cookie"), &ctx, 1)) {
if (!http_find_header(htx, ist("Set-Cookie2"), &ctx, 1))
break;
is_cookie2 = 1;

7
haproxy.spec
View File

@ -5,7 +5,7 @@
Name: haproxy Name: haproxy
Version: 2.4.8 Version: 2.4.8
Release: 1 Release: 2
Summary: The Reliable, High Performance TCP/HTTP Load Balancer Summary: The Reliable, High Performance TCP/HTTP Load Balancer
License: GPLv2+ License: GPLv2+
@ -16,6 +16,8 @@ Source2: %{name}.cfg
Source3: %{name}.logrotate Source3: %{name}.logrotate
Source4: %{name}.sysconfig Source4: %{name}.sysconfig
Patch0: CVE-2022-0711.patch
BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
Requires(pre): shadow-utils Requires(pre): shadow-utils
%{?systemd_requires} %{?systemd_requires}
@ -118,6 +120,9 @@ exit 0
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Fri Mar 11 2022 yaoxin <yaoxin30@huawei.com> - 2.4.8-2
- Fix CVE-2022-0711
* Tue Dec 07 2021 yanglu <yanglu72@huawei.com> - 2.4.8-1 * Tue Dec 07 2021 yanglu <yanglu72@huawei.com> - 2.4.8-1
- update haproxy to 2.4.8 - update haproxy to 2.4.8