Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / a73e00a1f7164d5dbb276232c8d3c838d921da89
commita73e00a1f7164d5dbb276232c8d3c838d921da89[log] [tgz]
authorChristopher Faulet <cfaulet@haproxy.com>Fri Jan 26 16:30:53 2024 +0100
committerWilly Tarreau <w@1wt.eu>Wed Feb 14 18:42:53 2024 +0100
tree44ce44c7e842ff4dde3d9e650cfe0092f384f61a
parent8df94eb6f63e2bdc01b46b18a380d4051e0723b4 [diff]
BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size

It is similar to the previous fix but for the chunk size parsing. But this
one is more annoying because a poorly coded application in front of haproxy
may ignore the last digit before the LF thinking it should be a CR. In this
case it may be out of sync with HAProxy and that could be exploited to
perform some sort or request smuggling attack.

While it seems unlikely, it is safer to forbid LF with CR at the end of a
chunk size.

This patch must be backported to 2.9 and probably to all stable versions
because there is no reason to still support LF without CR in this case.

(cherry picked from commit 4837e998920cbd4e43026e0a638b8ebd71c8018f)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit e6dc7670438f1cf87b7f16fc78365e130ecba295)
Signed-off-by: Willy Tarreau <w@1wt.eu>
2 files changed
tree: 44ce44c7e842ff4dde3d9e650cfe0092f384f61a
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. BSDmakefile
  19. CHANGELOG
  20. CONTRIBUTING
  21. INSTALL
  22. LICENSE
  23. MAINTAINERS
  24. Makefile
  25. README
  26. SUBVERS
  27. VERDATE
  28. VERSION