From 3cc5991c9b0a450028ef0302be4b2b73b4350e93 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 4 Jul 2025 08:32:05 +0200
Subject: [PATCH] BUG/MINOR: proto-tcp: Take care to initialized tcp_md5sig
 structure

When the TCP MD5 signature is enabled, on a listening socket or an outgoing
one, the tcp_md5sig structure must be initialized first.

It is a 3.3-specific issue. No backport needed.
---
 src/proto_tcp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 1e568fd86..b84a4c5e6 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -536,6 +536,7 @@ int tcp_connect_server(struct connection *conn, int flags)
 	if (srv && srv->tcp_md5sig) {
 		struct tcp_md5sig md5;
 
+		memset(&md5, 0, sizeof(md5));
 		if (conn->dst->ss_family == AF_INET)
 			memcpy(&md5.tcpm_addr, (struct sockaddr_in *)conn->dst, sizeof(struct sockaddr_in));
 		else
@@ -735,6 +736,7 @@ int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
 	if (listener->bind_conf->tcp_md5sig) {
 		struct tcp_md5sig md5;
 
+		memset(&md5, 0, sizeof(md5));
 		if (listener->rx.addr.ss_family == AF_INET)
 			memcpy(&md5.tcpm_addr, (struct sockaddr_in *)&listener->rx.addr, sizeof(struct sockaddr_in));
 		else
-- 
2.47.3