From 39b0efd9847a6aa1ce82a223a6f30c84a91d7171 Mon Sep 17 00:00:00 2001
From: immanuwell <pchpr.00@list.ru>
Date: Fri, 22 May 2026 08:28:14 +0400
Subject: [PATCH] fix: reject invalid traceparent flags

Signed-off-by: immanuwell <pchpr.00@list.ru>
---
 linkerd/trace-context/src/propagation/w3c.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/linkerd/trace-context/src/propagation/w3c.rs b/linkerd/trace-context/src/propagation/w3c.rs
index b2b223a0b2..bacacd620d 100644
--- a/linkerd/trace-context/src/propagation/w3c.rs
+++ b/linkerd/trace-context/src/propagation/w3c.rs
@@ -59,6 +59,11 @@ fn parse_context(header_value: &str) -> Option<TraceContext> {
     let (trace_id, rest) = parse_header_value(rest, 16)?;
     let (parent_id, rest) = parse_header_value(rest, 8)?;
 
+    if rest.len() != 2 {
+        debug!(header = %HTTP_TRACEPARENT, flags = %rest, "Tracecontext flags must be exactly one byte");
+        return None;
+    }
+
     let flags = match hex::decode(rest) {
         // If valid hex, take final bit and AND with 1. W3C only uses one bit
         // for flags in version 00, and the bit is used to control sampling
@@ -123,6 +128,14 @@ mod tests {
         let actual = parse_context(input);
         assert!(actual.is_none());
 
+        let input = "00-94d7f6ec6b95f3e916179cb6cfd01390-55ccfce77f972614-0102";
+        let actual = parse_context(input);
+        assert!(actual.is_none());
+
+        let input = "00-94d7f6ec6b95f3e916179cb6cfd01390-55ccfce77f972614-";
+        let actual = parse_context(input);
+        assert!(actual.is_none());
+
         let input = "00-94d7f6ec6b95f3e916179cb6cfd01390-55ccfce77f972614";
         let actual = parse_context(input);
         assert!(actual.is_none());