Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-39564

One-byte OOB write in PROXY protocol v1 header parser

    XMLWordPrintable

Details

    • Bug
    • Status: In Testing (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.6, 10.11, 11.4, 11.8, 12.3
    • 10.6, 10.11, 11.4, 11.8, 12.3
    • Protocol
    • None
    • Can result in hang or crash

    Description

      When the client sends a PROXY-protocol v1 signature followed by 252 bytes that contain no \n terminator, parse_proxy_protocol_header exits its read loop with pos == sizeof(hdr) and then executes hdr[pos] = 0, writing one byte past the end of the buffer.

      Reported by Sean Nejad.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-39219 Buffer overflow in PROXY protocol header v1 parsing

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              Unassigned Unassigned
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.