Repositories - haproxy-2.3.git/commit

author	Willy Tarreau <w@1wt.eu>
	Thu, 14 Oct 2021 06:11:48 +0000 (08:11 +0200)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Wed, 3 Nov 2021 10:15:06 +0000 (11:15 +0100)
commit	beb71357f929c479a50129e6c6aeed1d3546e7ed
tree	5a3265223760f420df3fc98665e470a3e0b31fb8	tree \| snapshot
parent	0bf6947f328cfddf320fe81d6c6df94990dad8ad	commit \| diff

BUG/MEDIUM: resolver: make sure to always use the correct hostname length

In issue #1411, @jjiang-stripe reports that do-resolve() sometimes seems
to be trying to resolve crap from random memory contents.

The issue is that action_prepare_for_resolution() tries to measure the
input string by itself using strlen(), while resolv_action_do_resolve()
directly passes it a pointer to the sample, omitting the known length.
Thus of course any other header present after the host in memory are
appended to the host value. It could theoretically crash if really
unlucky, with a buffer that does not contain any zero including in the
index at the end, and if the HTX buffer ends on an allocation boundary.
In practice it should be too low a probability to have ever been observed.

This patch modifies the action_prepare_for_resolution() function to take
the string length on with the host name on input and pass that down the
chain. This should be backported to 2.0 along with commit "MINOR:
resolvers: fix the resolv_str_to_dn_label() API about trailing zero".

(cherry picked from commit 947ae125cc3a00c05a5356de177b732fdc55aab5)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit a13a610841988fa9713eae50e3fd91e0fd9038f8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>