[MDEV-39564] One-byte OOB write in PROXY protocol v1 header parser - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.3
Fix Version/s: 10.6.28, 10.11.19, 11.4.13, 11.8.9, 12.3.2
Component/s: Protocol
Labels:
None

Bug Category:
Can result in hang or crash

Description

When the client sends a PROXY-protocol v1 signature followed by 252 bytes that contain no \n terminator, parse_proxy_protocol_header exits its read loop with pos == sizeof(hdr) and then executes hdr[pos] = 0, writing one byte past the end of the buffer.

Reported by Sean Nejad.

Attachments

Issue Links

duplicates

MDEV-39219 Buffer overflow in PROXY protocol header v1 parsing

Closed

is duplicated by

MDEV-39464 Fix off-by-one stack buffer overflow in PROXY v1 head

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2026-05-11 14:42

Updated:: 2026-05-20 21:21

Resolved:: 2026-05-20 21:21

Time Tracking

Estimated:

Remaining:

Logged:

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.