BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation

After seeing the previous ALPN fix, I suspected that NPN code was wrong
as well, and indeed it was since ALPN was copied from it. This fix
must be backported into 1.6 and 1.5.
Willy Tarreau 2016-02-12 17:11:12 +01:00
parent bef6091cff
commit 3724da1261

@ -5231,9 +5231,12 @@ static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bin
free(conf->npn_str);
/* the NPN string is built as a suite of (<len> <name>)* */
/* the NPN string is built as a suite of (<len> <name>)*,
* so we reuse each comma to store the next <len> and need
* one more for the end of the string.
*/
conf->npn_len = strlen(args[cur_arg + 1]) + 1;
conf->npn_str = calloc(1, conf->npn_len);
conf->npn_str = calloc(1, conf->npn_len + 1);
memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
/* replace commas with the name length */
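
Review bot: the pointer returned by calloc(1, conf->npn_len + 1) is used on the very next line as the destination of memcpy(conf->npn_str + 1, ...) with no NULL check, so an allocation failure while parsing the bind line turns into a write through a near-NULL pointer. Since bind_parse_npn() returns int, check conf->npn_str right after the calloc and return a parse error before the memcpy. A smaller point on the new comment: the copy length conf->npn_len is strlen() + 1, so it already carries the terminating NUL, and the extra byte in the allocation is there because the copy starts at offset 1 to leave room for the first <len>. Saying that in the comment would make the relationship between the "+ 1" in npn_len, the "+ 1" in the allocation and the "+ 1" in the memcpy destination easier to audit the next time this pattern is copied.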