upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-15 21:59:41 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

BUG/MINOR: h3: prevent overflow when parsing SETTINGS

Browse source 
h3_parse_settings_frm() read one byte after the frame payload. Fix the
parsing code. In most cases, this has no impact as we are inside an
allocated buffer but it could cause a segfault depending on the buffer
alignment.
This commit is contained in:
Amaury Denoyelle 2022-05-24 16:30:11 +02:00
parent 081479df92
commit 160507d0ba
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/h3.c
View file

@ -352,7 +352,7 @@ static int h3_parse_settings_frm(struct h3c *h3c, const struct ncbuf *rxbuf, siz
buf = (const unsigned char *)ncb_head(rxbuf);
end = buf + flen;
while (buf <= end) {
while (buf < end) {
if (!quic_dec_int(&id, &buf, end) || !quic_dec_int(&value, &buf, end))
return 0;