From bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 Mon Sep 17 00:00:00 2001
From: Andrew McDermott <>
Date: Fri, 11 Feb 2022 18:26:49 +0000
Subject: [PATCH 1/1] BUG/MAJOR: http/htx: prevent unbounded loop in

Ensure calls to http_find_header() terminate. If a "Set-Cookie2"
header is found then the while(1) loop in
http_manage_server_side_cookies() will never terminate, resulting in
the watchdog firing and the process terminating via SIGABRT.

The while(1) loop becomes unbounded because an unmatched call to
http_find_header("Set-Cookie") will leave ctx->blk=NULL. Subsequent
calls to check for "Set-Cookie2" will now enumerate from the beginning
of all the blocks and will once again match on subsequent
passes (assuming a match first time around), hence the loop becoming

This issue was introduced with HTX and this fix should be backported
to all versions supporting HTX.

Many thanks to Grant Spence for working through
this issue with me.
 src/http_ana.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/http_ana.c b/src/http_ana.c
index 715dd3a5c..c2d9d9b43 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -3418,7 +3418,7 @@ static void http_manage_server_side_cookies(struct stream *s, struct channel *re
 	while (1) {
 		int is_first = 1;
-		if (!http_find_header(htx, ist("Set-Cookie"), &ctx, 1)) {
+		if (is_cookie2 || !http_find_header(htx, ist("Set-Cookie"), &ctx, 1)) {
 			if (!http_find_header(htx, ist("Set-Cookie2"), &ctx, 1))
 			is_cookie2 = 1;
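
Review bot: The new condition on the + line, is_cookie2 || !http_find_header(htx, ist("Set-Cookie"), &ctx, 1), has no comment, and its correctness depends on two things a reader cannot see from the code alone. First, per the commit message, a failed lookup leaves ctx->blk NULL, so the next lookup restarts from the first block. Second, is_cookie2 must stay set for the rest of the while (1) loop so the "Set-Cookie" lookup is never retried once the "Set-Cookie2" pass has started. Please add a short comment above the condition saying so, and confirm is_cookie2 is initialised to 0 before the loop, since that initialisation is outside the visible context. Because the failure mode is a watchdog SIGABRT triggered by a response header, a regression test that feeds a response carrying a "Set-Cookie2" header through this path would keep the loop from regressing in the backports.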

