BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
Origin: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=18575ba4e5057afdb80cc06135272889ae1fa2d1
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-0836
The output buffer is not zero-initialized. If we don't clear reserved
bytes, fcgi requests sent to backend will leak sensitive data.
This patch must be backported as far as 2.2.
(cherry picked from commit 2e6bf0a2722866ae0128a4392fa2375bd1f03ff8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit db03179fee55c60a92ce6b86a0f04dbb9ba0328b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit f988992d16f45ef03d5bbb024a1042ed8123e4c5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 0dc4cdc276d4a0e3347b7c3c4aedca2a2e0ab428)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 0c86fce8028d409de4181e82eec967cfb1e6268e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Gbp-Pq: Name 2.2-BUG-MAJOR-fcgi-Fix-uninitialized-reserved-bytes.patch
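
The bug class described in the commit message, as an added example that is not HAProxy's code and not part of this patch: a FCGI_BEGIN_REQUEST record encoded into a reused output buffer, with and without clearing the reserved bytes. The record layout (one reserved byte in the 8-byte header, five in the begin-request body) follows the FastCGI specification; the function names and the stale buffer contents are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FCGI_VERSION_1     1
#define FCGI_BEGIN_REQUEST 1
#define FCGI_RESPONDER     1
#define FCGI_REC_LEN       16  /* 8-byte header + 8-byte begin-request body */

/* Encode a FCGI_BEGIN_REQUEST record into out[0..15] (hypothetical helper).
 * clear_reserved == 0 reproduces the bug class: reserved bytes are skipped,
 * so whatever the reused buffer already held is sent to the backend. */
static size_t encode_begin_request(uint8_t *out, uint16_t id, uint8_t flags,
                                   int clear_reserved)
{
    out[0] = FCGI_VERSION_1;
    out[1] = FCGI_BEGIN_REQUEST;
    out[2] = (uint8_t)(id >> 8);
    out[3] = (uint8_t)(id & 0xff);
    out[4] = 0; out[5] = 8;                      /* content length = 8 */
    out[6] = 0;                                  /* padding length */
    if (clear_reserved) out[7] = 0;              /* header reserved byte */
    out[8] = 0; out[9] = FCGI_RESPONDER;         /* role */
    out[10] = flags;
    if (clear_reserved) memset(out + 11, 0, 5);  /* body reserved[5] */
    return FCGI_REC_LEN;
}

/* Audit helper: count non-zero reserved bytes in an encoded record. */
static int leaked_reserved_bytes(const uint8_t *rec)
{
    int n = rec[7] != 0;
    for (int i = 11; i < 16; i++) n += rec[i] != 0;
    return n;
}

/* Simulate a reused, non-zeroed output buffer, then encode into it. */
static int demo(int clear_reserved)
{
    uint8_t buf[FCGI_REC_LEN];
    memcpy(buf, "Cookie: sid=SECR", FCGI_REC_LEN);  /* constructed stale data */
    encode_begin_request(buf, 1, 0, clear_reserved);
    return leaked_reserved_bytes(buf);
}

int main(void)
{
    printf("without clearing: %d stale bytes on the wire\n", demo(0));
    printf("with clearing:    %d stale bytes on the wire\n", demo(1));
    return 0;
}
```

The same check as `leaked_reserved_bytes` can be applied to captured backend traffic to confirm that a deployed build sends zeroed reserved bytes.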