From 633f3bffedd7c48b921ad10e5164ee6b0e1d79a2 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 18 May 2018 14:46:32 +0200 Subject: [PATCH] BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags A recent fix on the SPOE revealed a mismatch between the SPOE specification and the modsecurity implementation on the way flags are encoded or decoded. They must be exchanged using the network bytes order and not the host one. Be careful though, this patch breaks the compatiblity with HAProxy SPOE before commit c4dcaff3 ("BUG/MEDIUM: spoe: Flags are not encoded in network order"). --- contrib/modsecurity/spoa.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/contrib/modsecurity/spoa.c b/contrib/modsecurity/spoa.c index 506ff8245..ab3e8b2b1 100644 --- a/contrib/modsecurity/spoa.c +++ b/contrib/modsecurity/spoa.c @@ -465,6 +465,7 @@ handle_hahello(struct spoe_frame *frame) /* Retrieve flags */ memcpy((char *)&(frame->flags), p, 4); + frame->flags = ntohl(frame->flags); p += 4; /* Fragmentation is not supported for HELLO frame */ @@ -572,6 +573,7 @@ handle_hadiscon(struct spoe_frame *frame) /* Retrieve flags */ memcpy((char *)&(frame->flags), p, 4); + frame->flags = ntohl(frame->flags); p += 4; /* Fragmentation is not supported for DISCONNECT frame */ @@ -653,6 +655,7 @@ handle_hanotify(struct spoe_frame *frame) /* Retrieve flags */ memcpy((char *)&(frame->flags), p, 4); + frame->flags = ntohl(frame->flags); p += 4; /* Fragmentation is not supported */ @@ -715,6 +718,7 @@ handle_hafrag(struct spoe_frame *frame) /* Retrieve flags */ memcpy((char *)&(frame->flags), p, 4); + frame->flags = ntohl(frame->flags); p+= 4; /* Read the stream-id and frame-id */ @@ -777,6 +781,7 @@ prepare_agenthello(struct spoe_frame *frame) *p++ = SPOE_FRM_T_AGENT_HELLO; /* Set flags */ + flags = htonl(flags); memcpy(p, (char *)&flags, 4); p += 4; @@ -858,6 +863,7 @@ prepare_agentdicon(struct spoe_frame *frame) *p++ = SPOE_FRM_T_AGENT_DISCON; /* Set flags */ + flags = htonl(flags); memcpy(p, (char *)&flags, 4); p += 4; @@ -905,6 +911,7 @@ prepare_agentack(struct spoe_frame *frame) *p++ = SPOE_FRM_T_AGENT_ACK; /* Set flags */ + flags = htonl(flags); memcpy(p, (char *)&flags, 4); p += 4;