backport upstream patches

2024-11-21 03:37:53 +00:00 · 2024-11-21 03:37:53 +00:00 · fec3d9e6d6
commit fec3d9e6d6
parent 8e5c01df7f
2 changed files with 55 additions and 1 deletions
--- a/backport-BUG-MEDIUM-stream-Prevent-mux-upgrades-if-client-con.patch
+++ b/backport-BUG-MEDIUM-stream-Prevent-mux-upgrades-if-client-con.patch
@ -0,0 +1,47 @@
+From 56fb102c0c6094792fd38455b38b88a94454e996 Mon Sep 17 00:00:00 2001
+From: Christopher Faulet <cfaulet@haproxy.com>
+Date: Wed, 28 Aug 2024 15:42:22 +0200
+Subject: [PATCH] BUG/MEDIUM: stream: Prevent mux upgrades if client connection
+ is no longer ready
+
+If an early error occurred on the client connection, we must prevent any
+multiplexer upgrades. Indeed, it is unexpected for a mux to be initialized
+with no xprt. On a normal workflow it is impossible. So it is not an
+issue. But if a mux upgrade is performed at the stream level, an early error
+on the connection may have already been handled by the previous mux and the
+connection may be already fully closed. If the mux upgrade is still
+performed, a crash can be experienced.
+
+It is possible to have a crash with an implicit TCP>HTTP upgrade if there is no
+data in the input buffer. But it is also possible to get a crash with an
+explicit "switch-mode http" rule.
+
+It must be backported to all stable versions. In 2.2, the patch must be
+applied directly in stream_set_backend() function.
+
+(cherry picked from commit e4812404c541018ba521abf6573be92553ba7c53)
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+(cherry picked from commit 13437097c312e524a346b9016d8ab273374d2053)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+Conflict: NA
+Reference: https://github.com/haproxy/haproxy/commit/56fb102c0c6094792fd38455b38b88a94454e996
+---
+ src/stream.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stream.c b/src/stream.c
+index e643a6db6a05..89b7c238fe48 100644
+--- a/src/stream.c
+++ b/src/stream.c
+@@ -1488,6 +1488,10 @@ int stream_set_http_mode(struct stream *s, const struct mux_proto_list *mux_prot
+ 		return 0;
+ 
+ 	conn = sc_conn(sc);
+
+	if (!sc_conn_ready(sc))
+		return 0;
+
+ 	if (conn) {
+ 		se_have_more_data(s->scf->sedesc);
+ 		/* Make sure we're unsubscribed, the the new
--- a/haproxy.spec
+++ b/haproxy.spec
@ -5,7 +5,7 @@

 Name:             haproxy
 Version:          2.9.5
-Release:          5
+Release:          6
 Summary:          The Reliable, High Performance TCP/HTTP Load Balancer

 License:          GPLv2+
@ -19,6 +19,7 @@ Source4:          %{name}.sysconfig
 Patch1:           backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch
 Patch2:           Backport-CVE-2024-45506-BUG-MAJOR-mux-h2-always.patch
 Patch3:           CVE-2024-49214.patch
+Patch4:           backport-BUG-MEDIUM-stream-Prevent-mux-upgrades-if-client-con.patch

 BuildRequires:    gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
 Requires(pre):    shadow-utils
@ -123,6 +124,12 @@ exit 0
 %{_mandir}/man1/*

 %changelog
+* Thu Nov 21 2024 xinghe <xinghe2@h-partners.com> - 2.9.5-6
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:stream: Prevent mux upgrades if client connection is no longer ready
+
 * Mon Oct 14 2024 yaoxin <yao_xin001@hoperun.com> - 2.9.5-5
 - Fix CVE-2024-49214