[MDEV-39464] Fix off-by-one stack buffer overflow in PROXY v1 head - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Duplicate
Affects Version/s: 13.0
Fix Version/s: 10.6.28, 10.11.19, 11.4.13, 11.8.9, 12.3.3
Component/s: Protocol
Labels:
- contribution

Bug Category:
Not for Release Notes

Description

The header parsing loop could append a null terminator past the end of
the buffer when processing maximum-length PROXY v1 headers.

Fix by increasing the buffer size by one byte and using bounded reads
while preserving full header parsing.

Treat zero-length reads as connection close in this context.

Attachments

Issue Links

duplicates

MDEV-39564 One-byte OOB write in PROXY protocol v1 header parser

Closed

Activity

People

Assignee:: Georgi Kodinov

Reporter:: Georgi Kodinov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2026-04-28 07:43

Updated:: 2026-05-17 22:10

Resolved:: 2026-05-17 22:10

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.