]> git.kaiwu.me - haproxy.git/commit
projects / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7315428) | patch
BUG/MAJOR: qpack: unchecked length passed to huffman decoder
authorFrederic Lecaille <flecaille@haproxy.com>
Wed, 4 Mar 2026 13:02:28 +0000 (14:02 +0100)
committerFrederic Lecaille <flecaille@haproxy.com>
Thu, 5 Mar 2026 14:02:02 +0000 (15:02 +0100)
commite38b86e72c0a587b6311a56d45cd8c22286d2c8f
tree9b54b7de35349a0d6bfab88322ca4c7ea5d2017ctree | snapshot
parent731542861533ac2cb1d83cfeb366754e48cc7919commit | diff
BUG/MAJOR: qpack: unchecked length passed to huffman decoder

A call to huffman decoder function (huff_dec()) is made from qpack_decode_fs()
without checking the buffer length passed to this function, leading to OOB read
which can crash the process.

Thank you to Kamil Frankowicz for having reported this.

Must be backport as far as 2.6.
src/qpack-dec.c diff | blob | history
haproxy upstream