Package: haproxy / 1.5.8-3+deb8u2

from-upstream/0009-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch

From 92a009fca26ed45bb8ad64666a993dcfb86617de Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 26 Nov 2014 13:24:24 +0100
Subject: [PATCH 9/9] BUG/MEDIUM: payload: ensure that a request channel is
 available

Denys Fedoryshchenko reported a segfault when using certain
sample fetch functions in the "tcp-request connection" rulesets
despite the warnings. This is because some tests for the existence
of the channel were missing.

The fetches which were fixed are :
  - req.ssl_hello_type
  - rep.ssl_hello_type
  - req.ssl_sni

This fix must be backported to 1.5.
(cherry picked from commit 83f2592bcd2e186beeabcba16be16faaab82bd39)
---
 src/payload.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/payload.c b/src/payload.c
index 4057f6f85601..f62163c4143c 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -72,6 +72,9 @@ smp_fetch_ssl_hello_type(struct proxy *px, struct session *s, void *l7, unsigned
 
 	chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
 
+	if (!chn)
+		goto not_ssl_hello;
+
 	bleft = chn->buf->i;
 	data = (const unsigned char *)chn->buf->p;
 
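Review bot: the new guard in smp_fetch_ssl_hello_type() tests only `chn`, while the two lines right after it dereference `chn->buf` (`chn->buf->i` and `chn->buf->p`). If the buffer pointer can be unset independently of the channel, extend the test to `if (!chn || !chn->buf)`; if it cannot, a one-line comment above the check stating that invariant, and that the channel is absent when the fetch runs from a "tcp-request connection" rule, would spare the next reader from reconstructing it from the commit message.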
@@ -276,6 +279,9 @@ smp_fetch_ssl_hello_sni(struct proxy *px, struct session *s, void *l7, unsigned
 
 	chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
 
+	if (!chn)
+		goto not_ssl_hello;
+
 	bleft = chn->buf->i;
 	data = (unsigned char *)chn->buf->p;
 
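Review bot: this is the same three-line guard as in smp_fetch_ssl_hello_type(), placed after an identical `chn = ...` direction-selection line, so the pattern now lives in two places and any further fetch written the same way can omit it again. Consider moving the selection and the NULL test into one small helper that returns the channel or NULL, with both functions jumping to `not_ssl_hello` on NULL. It is also worth confirming that the `not_ssl_hello` path in this function does not itself touch `chn`, since the label body is outside the visible context.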
-- 
2.1.3