commit - 0206e8c7a235411c6c9c9bda0aa8d03d5d760d9c
commit + 6c57d2002bb318a9069ae48355ab46ac64a3a7b5
blob - f2f5c7b78779b0e7d3cf2867034c6bd92c6e9eca
blob + faa8c2910471dba1402530878e483dbb830123b6
--- server.c
+++ server.c
struct proxy_protocol_v1 pp1 = {0};
char protostr[1024];
ssize_t ret;
- size_t left, copy, consumed;
+ size_t left, avail, copy, consumed;
int status;
if (!c->proxy_proto) {
return copy;
}
- /* buffer layer exists, we expect proxy protocol */
- ret = read(c->fd, c->buf.data + c->buf.len, BUFLAYER_MAX - c->buf.len);
+ avail = sizeof(c->buf.data) - c->buf.len - 1; /* for a NUL */
+ if (avail == 0) {
+ log_warnx("read_cb: overlong proxy protocol v1 header");
+ return -1;
+ }
+
+ ret = read(c->fd, c->buf.data + c->buf.len, avail);
if (ret == -1 && errno == EWOULDBLOCK)
return TLS_WANT_POLLIN;
-
+ if (ret <= 0)
+ return ret;
c->buf.len += ret;
+ if (memmem(c->buf.data, c->buf.len, "\r\n", 2) == NULL)
+ return TLS_WANT_POLLIN;
+
status = proxy_proto_v1_parse(&pp1, c->buf.data, c->buf.len, &consumed);
if (status == -1) {
log_warnx("read_cb: received invalid proxy protocol header");
