From bbfeac7e06207eee02999e9b3f71a3009fe742cb Mon Sep 17 00:00:00 2001 From: Thomas Heil Date: Mon, 21 Jul 2014 17:57:31 +0200 Subject: [PATCH] haproxy: fixes from upstream [PATCH 6/6] BUG/MEDIUM: connection: fix proxy v2 header again! Signed-off-by: Thomas Heil --- net/haproxy/Makefile | 2 +- ...connection-fix-proxy-v2-header-again.patch | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 04d640c15d..c13d265fa1 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=haproxy PKG_VERSION:=1.5.2 -PKG_RELEASE:=05 +PKG_RELEASE:=06 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/ PKG_MD5SUM:=e854fed32ea751d6db7f366cb910225a diff --git a/net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch b/net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch new file mode 100644 index 0000000000..3b4cb82e0f --- /dev/null +++ b/net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch @@ -0,0 +1,34 @@ +From 04b80cd29b23d02f373c095569e871275d128b43 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Sat, 19 Jul 2014 06:37:33 +0200 +Subject: [PATCH 6/6] BUG/MEDIUM: connection: fix proxy v2 header again! + +Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory corruption +when building a proxy v2 header") was wrong, using &cn_trash instead +of cn_trash resulting in a warning and the client's SSL cert CN not +being stored at the proper location. + +Thanks to Lukas Tribus for spotting this quickly. + +This should be backported to 1.5 after the patch above is backported. +(cherry picked from commit 3b9a0c9d4d083d749846d66f9bd4caabafe4ee78) +--- + src/connection.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/connection.c b/src/connection.c +index 3435b1a..2dd2c02 100644 +--- a/src/connection.c ++++ b/src/connection.c +@@ -684,7 +684,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec + } + if (srv->pp_opts & SRV_PP_V2_SSL_CN) { + cn_trash = get_trash_chunk(); +- if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) { ++ if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) { + tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str); + ssl_tlv_len += tlv_len; + } +-- +1.8.5.5 +