Fix CVE-2023-0836
parent
82e7a81403
commit
0614a9b80f
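--- a/CVE-2023-0836.patch
+++ b/CVE-2023-0836.patch
@@ -0,0 +1,41 @@
+From 2e6bf0a2722866ae0128a4392fa2375bd1f03ff8 Mon Sep 17 00:00:00 2001
+From: Youfu Zhang <zhangyoufu@gmail.com>
+Date: Fri, 9 Dec 2022 19:15:48 +0800
+Subject: [PATCH] BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
+
+The output buffer is not zero-initialized. If we don't clear reserved
+bytes, fcgi requests sent to backend will leak sensitive data.
+
+This patch must be backported as far as 2.2.
+---
+src/fcgi.c | 8 ++++++--
+1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/fcgi.c b/src/fcgi.c
+index dcf2db2..1d1a82b 100644
+--- a/src/fcgi.c
++++ b/src/fcgi.c
+@@ -47,7 +47,7 @@ int fcgi_encode_record_hdr(struct buffer *out, const struct fcgi_header *h)
+out->area[len++] = ((h->len >> 8) & 0xff);
+out->area[len++] = (h->len & 0xff);
+out->area[len++] = h->padding;
+- len++; /* rsv */
++ out->area[len++] = 0; /* rsv */
+
+out->data = len;
+return 1;
+@@ -94,7 +94,11 @@ int fcgi_encode_begin_request(struct buffer *out, const struct fcgi_begin_reques
+out->area[len++] = ((r->role >> 8) & 0xff);
+out->area[len++] = (r->role & 0xff);
+out->area[len++] = r->flags;
+- len += 5; /* rsv */
++ out->area[len++] = 0; /* rsv */
++ out->area[len++] = 0;
++ out->area[len++] = 0;
++ out->area[len++] = 0;
++ out->area[len++] = 0;
+
+out->data = len;
+return 1;
+--
+1.7.10.4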
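Review bot: Nothing in the patched lines records why the reserved bytes must be stored rather than skipped, so a later cleanup could fold the five stores in fcgi_encode_begin_request back into `len += 5` and reintroduce the leak to the backend; I would extend the comment at both sites to `/* rsv: must be written, out->area is not zero-initialized */`. Other encoders in src/fcgi.c may still advance `len` without a store. That cannot be confirmed from these two hunks, so it is worth checking any remaining `len++` or `len +=` in that file before shipping the backport. Both function bodies start above the hunks, so whether a capacity check on `out` precedes these writes is not visible here.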
@ -5,7 +5,7 @@
|
||||
|
||||
Name: haproxy
|
||||
Version: 2.2.16
|
||||
Release: 5
|
||||
Release: 6
|
||||
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
|
||||
|
||||
License: GPLv2+
|
||||
@ -21,6 +21,7 @@ Patch0002: CVE-2022-0711.patch
|
||||
Patch0003: CVE-2023-25725.patch
|
||||
Patch0004: CVE-2023-0056.patch
|
||||
Patch0005: CVE-2023-40225.patch
|
||||
Patch0006: CVE-2023-0836.patch
|
||||
|
||||
BuildRequires: gcc lua-devel pcre-devel zlib-devel openssl-devel systemd-devel systemd-units libatomic
|
||||
Requires: %{name}-help = %{version}-%{release}
|
||||
@ -128,6 +129,9 @@ exit 0
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Fri Dec 1 2023 liningjie <liningjie@xfusion.com> - 2.2.16-6
|
||||
- Fix CVE-2023-0836
|
||||
|
||||
* Mon Aug 21 2023 wangkai <wang_kai001@hoperun.com> - 2.2.16-5
|
||||
- Fix CVE-2023-40225
|
||||
|
||||
|
||||