upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-06-11 01:41:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 16

BUG/MEDIUM: mux-fcgi: reject stream ID 0 for application records

Browse source 
Records with a stream ID set to 0 are reserved to management records.
However there was no check to trigger an error if an application record is
received with a stream ID to 0. This could lead to crash becausqe management
streams (which are static and immutable) can be modified while processing
application records (STDOUT/STDERR/END_REQUEST).

To fix the issue, An error is returned if the stream ID 0 is set on
GET_VALUES_RESULT or UNKNOWN_TYPE records.

This patch must be backported to all stable versions.
This commit is contained in:
Christopher Faulet 2026-05-26 13:56:12 +02:00
parent 1a5a33396d
commit 3ac082b2b2
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/mux_fcgi.c
View file

@ -2644,6 +2644,16 @@ static void fcgi_process_demux(struct fcgi_conn *fconn)
}
fstrm = tmp_fstrm;
if (fconn->dsi == 0 && fconn->drt != FCGI_GET_VALUES_RESULT && fconn->drt != FCGI_UNKNOWN_TYPE) {
/* Stream ID 0 is reserved for management records and
* must not used for application record type.
*/
fconn->state = FCGI_CS_CLOSED;
TRACE_ERROR("Application record with SID 0", FCGI_EV_RX_RECORD|FCGI_EV_RX_FHDR|FCGI_EV_RX_GETVAL|FCGI_EV_FCONN_ERR, fconn->conn);
TRACE_STATE("switching to CLOSED", FCGI_EV_RX_RECORD|FCGI_EV_RX_FHDR|FCGI_EV_RX_GETVAL|FCGI_EV_FCONN_ERR, fconn->conn);
goto fail;
}
if (fstrm->state == FCGI_SS_CLOSED && fconn->dsi != 0) {
/* ignore all record for closed streams */
goto ignore_record;