From 3892d1675d6b70a66a677cf9caa9a11209cc0c0e Mon Sep 17 00:00:00 2001
From: changhan <changhan@xfusion.com>
Date: Thu, 17 Apr 2025 10:48:21 +0000
Subject: [PATCH 1/2] fix CVE-2025-32464

Signed-off-by: changhan <changhan@xfusion.com>
---
 CVE-2025-32464.patch | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 CVE-2025-32464.patch

diff --git a/CVE-2025-32464.patch b/CVE-2025-32464.patch
new file mode 100644
index 0000000..4810c76
--- /dev/null
+++ b/CVE-2025-32464.patch
@@ -0,0 +1,25 @@
+From 1fd31d007791d93c561cda427521b8590e108ee6 Mon Sep 17 00:00:00 2001
+From: changhan <changhan@xfusion.com>
+Date: Thu, 17 Apr 2025 17:05:56 +0800
+Subject: [PATCH] CVE-2025-32464
+
+---
+ src/sample.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sample.c b/src/sample.c
+index 89de612..f45acd9 100644
+--- a/src/sample.c
++++ b/src/sample.c
+@@ -3130,7 +3130,7 @@ static int sample_conv_regsub(const struct arg *arg_p, struct sample *smp, void
+ 		output->data = exp_replace(output->area, output->size, start, arg_p[1].data.str.area, pmatch);
+ 
+ 		/* replace the matching part */
+-		max = output->size - output->data;
++		max = trash->size - trash->data;
+ 		if (max) {
+ 			if (max > output->data)
+ 				max = output->data;
+-- 
+2.33.0
+
-- 
Gitee


From 414a04ca843a21bd958391383cd5786e9121312b Mon Sep 17 00:00:00 2001
From: changhan <changhan@xfusion.com>
Date: Thu, 17 Apr 2025 10:50:56 +0000
Subject: [PATCH 2/2] fix CVE-2025-32464

Signed-off-by: changhan <changhan@xfusion.com>
---
 haproxy.spec | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/haproxy.spec b/haproxy.spec
index 8b70774..fcc5660 100644
--- a/haproxy.spec
+++ b/haproxy.spec
@@ -5,7 +5,7 @@
 
 Name:             haproxy
 Version:          2.9.5
-Release:          8
+Release:          9
 Summary:          The Reliable, High Performance TCP/HTTP Load Balancer
 
 License:          GPLv2+
@@ -25,6 +25,7 @@ Patch6:           CVE-2024-53008-2.patch
 Patch7:           backport-BUG-MEDIUM-queues-Do-not-use-pendconn_grab_from_px.patch
 Patch8:           backport-BUG-MEDIUM-queues-Make-sure-we-call-process_srv_queu.patch
 Patch9:           backport-BUG-MEDIUM-queue-Make-process_srv_queue-return-the-n.patch
+Patch10:          CVE-2025-32464.patch
 
 BuildRequires:    gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
 Requires(pre):    shadow-utils
@@ -129,6 +130,12 @@ exit 0
 %{_mandir}/man1/*
 
 %changelog
+* Thu Apr 17 2025 changhan <changhan@xfusion.com> - 2.9.5-9
+- Type:CVE
+- CVE:CVE-2025-32464
+- SUG:NA
+- DESC:fix CVE-2025-32464
+
 * Mon Mar 17 2025 yanglu <yanglu72@h-partners.com> - 2.9.5-8
 - Type:bugfix
 - CVE:NA
-- 
Gitee