From: Willy Tarreau <w@1wt.eu>
Date: Wed, 29 Apr 2026 07:36:03 +0000 (+0200)
Subject: BUG/MINOR: net_helper: fix incomplete decoding in sample_conv_eth_vlan
X-Git-Tag: v3.4-dev10~3
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=80ca27be4274ffa2bebd39871747b4a73c393980;p=haproxy.git

BUG/MINOR: net_helper: fix incomplete decoding in sample_conv_eth_vlan

sample_conv_eth_vlan() reads the VLAN TCI at area[idx + 2] without
ensuring there are enough bytes. The original condition 'idx + 4 < data'
breaks when there IS room for more data, leading to an incomplete read
when trying to decode a VLAN ID.

This can be backported where this converter was backported.
---

diff --git a/src/net_helper.c b/src/net_helper.c
index 6b46bfe5e..e71abd9b0 100644
--- a/src/net_helper.c
+++ b/src/net_helper.c
@@ -110,9 +110,8 @@ static int sample_conv_eth_vlan(const struct arg *arg_p, struct sample *smp, voi
 			smp->flags &= ~SMP_F_CONST;
 			return !!vlan;
 		}
-		if (idx + 4 < smp->data.u.str.data)
+		if (idx + 4 > smp->data.u.str.data)
 			break;
-
 		vlan = read_n16(smp->data.u.str.area + idx + 2) & 0xfff;
 	}
 	/* incomplete header */