Sorry, after analyzing the code again, it's not a security issue since
the ancillary buffer can only hold one file descriptor. Forget
everything that I said and focus on # 1 instead.
On 7/20/21 1:48 AM, Lukas Tribus wrote:
Hello,
On Tue, 20 Jul 2021 at 08:13, Peter Jin <[email protected]> wrote:
2. There is a stack buffer overflow found in one of the files. Not
disclosing it here because this email will end up on the public mailing
list. If there is a "security" email address I could disclose it to,
what is it?
It's [email protected], it's somehow well hidden in doc/intro.txt
(that is the *starter* guide).
I would definitely suggest putting it on the website haproxy.org, and
in the repository move it to a different file, like MAINTAINERS.
Lukas
