mirror/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git synced 2026-02-22 09:13:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
27e1ec8ca97a5c95669efda7b7eebbd3e329ff76
haproxy/src
History
Frederic Lecaille 3e6d030ce2 BUG/MEDIUM: ssl: SSL backend sessions used after free 
This bug impacts only the backends. The sessions cached could be used after been
freed because of a missing write lock into ssl_sock_handle_hs_error() when freeing
such objects. This issue could be rarely reproduced and only with QUIC with
difficulties (random CRYPTO data corruptions and instrumented code).

Must be backported as far as 2.6.
2026-02-18 15:37:13 +01:00
..
_ceb_addr.c
_ceb_blk.c
_ceb_int.c
_ceb_str.c
acl.c
acme.c
action.c
activity.c
applet.c
MEDIUM: applet: Disable 0-copy for buffers of different size
2026-02-18 13:26:21 +01:00
arg.c
auth.c
backend.c
MEDIUM: backend: make "balance random" consider tg local req rate when loads are equal
2026-02-17 09:51:46 +01:00
base64.c
buf.c
MINOR: buffers: Swap buffers of same size only
2026-02-18 13:26:20 +01:00
cache.c
MEDIUM: cache: Don't rely on a chunk to store messages payload
2026-02-18 13:26:20 +01:00
calltrace.c
ceb32_tree.c
ceb64_tree.c
ceba_tree.c
cebb_tree.c
cebib_tree.c
cebis_tree.c
cebl_tree.c
cebs_tree.c
cebtree-dbg.c
cebtree-prv.h
cfgcond.c
cfgdiag.c
cfgparse-global.c
cfgparse-listen.c
cfgparse-peers.c
cfgparse-quic.c
cfgparse-ssl.c
cfgparse-tcp.c
cfgparse-unix.c
cfgparse.c
MINOR: config: reject configs using HTTP with large bufsize >= 256 MB
2026-02-18 13:26:21 +01:00
channel.c
check.c
chunk.c
MEDIUM: chunk: Add support for large chunks
2026-02-18 13:26:21 +01:00
cli.c
clock.c
compression.c
connection.c
counters.c
cpu_topo.c
cpuset.c
debug.c
dgram.c
dict.c
dns_ring.c
dns.c
dynbuf.c
MEDIUM: dynbuf: Add a pool for large buffers with a configurable size
2026-02-18 13:26:21 +01:00
eb32sctree.c
eb32tree.c
eb64tree.c
ebimtree.c
ebistree.c
ebmbtree.c
ebsttree.c
ebtree.c
ech.c
errors.c
ev_epoll.c
ev_evports.c
ev_kqueue.c
ev_poll.c
ev_select.c
event_hdl.c
extcheck.c
fcgi-app.c
fcgi.c
fd.c
filters.c
fix.c
flt_bwlim.c
flt_http_comp.c
MEDIUM: compression: Be sure to never compress more than a chunk at once
2026-02-18 13:26:21 +01:00
flt_spoe.c
flt_trace.c
MINOR: flt-trace: Add an option to limit the amount of data forwarded
2026-02-18 09:44:15 +01:00
freq_ctr.c
frontend.c
guid.c
h1_htx.c
MINOR: h1-htx: Disable 0-copy for buffers of different size
2026-02-18 13:26:21 +01:00
h1.c
h2.c
h3_stats.c
h3.c
MEDIUM: mux-h1/mux-h2/mux-fcgi/h3: Disable 0-copy for buffers of different size
2026-02-18 13:26:21 +01:00
haproxy.c
MEDIUM: dynbuf: Add a pool for large buffers with a configurable size
2026-02-18 13:26:21 +01:00
hash.c
hlua_fcn.c
hlua.c
MINOR: tree-wide: Use the buffer size instead of global setting when possible
2026-02-18 13:26:20 +01:00
hpack-dec.c
hpack-enc.c
hpack-huff.c
hpack-tbl.c
hq_interop.c
http_acl.c
http_act.c
MEDIUM: http-ana: Use a large buffer if necessary when waiting for body
2026-02-18 13:26:21 +01:00
http_ana.c
MINOR: dynbuf: Add helpers to know if a buffer is a default or a large buffer
2026-02-18 13:26:21 +01:00
http_client.c
http_conv.c
MEDIUM: sample: Get chunks with a size dependent on input data when necessary
2026-02-18 13:26:21 +01:00
http_ext.c
http_fetch.c
MEDIUM: http-fetch: Be able to use large chunks when necessary
2026-02-18 13:26:21 +01:00
http_htx.c
http_rules.c
http.c
httpclient_cli.c
htx.c
MINPR: htx: Get large chunk if necessary to perform a defrag
2026-02-18 13:26:21 +01:00
init.c
jwe.c
BUG/MEDIUM: jwe: fix timing side-channel and dead code in JWE decryption
2026-02-18 10:46:32 +01:00
jws.c
jwt.c
lb_chash.c
lb_fas.c
lb_fwlc.c
lb_fwrr.c
lb_map.c
lb_ss.c
limits.c
linuxcap.c
listener.c
log.c
lru.c
mailers.c
map.c
mjson.c
mqtt.c
mux_fcgi.c
MEDIUM: mux-h1/mux-h2/mux-fcgi/h3: Disable 0-copy for buffers of different size
2026-02-18 13:26:21 +01:00
mux_h1.c
MEDIUM: mux-h1/mux-h2/mux-fcgi/h3: Disable 0-copy for buffers of different size
2026-02-18 13:26:21 +01:00
mux_h2.c
MEDIUM: mux-h1/mux-h2/mux-fcgi/h3: Disable 0-copy for buffers of different size
2026-02-18 13:26:21 +01:00
mux_pt.c
mux_quic.c
BUG/MEDIUM: mux-h2/quic: Stop sending via fast-forward if stream is closed
2026-02-18 09:44:09 +01:00
mux_spop.c
mworker.c
namespace.c
ncbmbuf.c
ncbuf.c
net_helper.c
pattern.c
payload.c
MINOR: tree-wide: Use the buffer size instead of global setting when possible
2026-02-18 13:26:20 +01:00
peers.c
pipe.c
pool.c
proto_quic.c
proto_rhttp.c
proto_sockpair.c
proto_tcp.c
proto_udp.c
proto_uxdg.c
proto_uxst.c
protocol.c
proxy.c
MINOR: tree-wide: Use the buffer size instead of global setting when possible
2026-02-18 13:26:20 +01:00
qmux_http.c
BUG/MAJOR: Revert "MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS"
2026-02-17 18:18:44 +01:00
qmux_trace.c
qpack-dec.c
qpack-enc.c
qpack-tbl.c
queue.c
quic_ack.c
quic_cc_bbr.c
quic_cc_cubic.c
quic_cc_drs.c
quic_cc_newreno.c
quic_cc_nocc.c
quic_cc.c
quic_cid.c
quic_cli.c
quic_conn.c
quic_enc.c
quic_fctl.c
quic_frame.c
quic_loss.c
quic_openssl_compat.c
quic_pacing.c
quic_retransmit.c
quic_retry.c
quic_rules.c
quic_rx.c
quic_sock.c
quic_ssl.c
quic_stats.c
quic_stream.c
quic_tls.c
quic_token.c
quic_tp.c
quic_trace.c
quic_tx.c
raw_sock.c
regex.c
resolvers.c
ring.c
sample.c
MEDIUM: sample: Get chunks with a size dependent on input data when necessary
2026-02-18 13:26:21 +01:00
server_state.c
server.c
session.c
sha1.c
shctx.c
BUG/MEDIUM: shctx: Use the next block when data exactly filled a block
2026-02-18 09:44:15 +01:00
signal.c
sink.c
slz.c
sock_inet.c
sock_unix.c
sock.c
ssl_ckch.c
ssl_clienthello.c
ssl_crtlist.c
ssl_gencert.c
ssl_ocsp.c
ssl_sample.c
ssl_sock.c
BUG/MEDIUM: ssl: SSL backend sessions used after free
2026-02-18 15:37:13 +01:00
ssl_trace.c
ssl_utils.c
stats-file.c
stats-html.c
stats-json.c
stats-proxy.c
stats.c
stconn.c
MEDIUM: stconn: Properly handle large buffers during a receive
2026-02-18 13:26:21 +01:00
stick_table.c
stream.c
MINOR: dynbuf: Add helpers to know if a buffer is a default or a large buffer
2026-02-18 13:26:21 +01:00
systemd.c
task.c
tcp_act.c
tcp_rules.c
tcp_sample.c
tcpcheck.c
thread.c
time.c
tools.c
trace.c
uri_auth.c
uri_normalizer.c
vars.c
version.c
wdt.c
xprt_handshake.c
xprt_quic.c