konevsa/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2

Browse Source 
found by coverity.

[wt: this bug was introduced by commit 404d978 ("MINOR: add ALPN
 information to send-proxy-v2"). It might be triggered by a health
 check on a server using ppv2 or by an applet making use of such a
 server, if at all configurable].

This needs to be backported to 1.8.
This commit is contained in:
Ilya Shipitsin 2018-09-15 00:50:05 +05:00 committed by Willy Tarreau
parent 2793578eaf
commit ca56fce8bd
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/connection.c
View File

@ -996,6 +996,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
return 0;
}
/* Note: <remote> is explicitly allowed to be NULL */
int make_proxy_line(char *buf, int buf_len, struct server *srv, struct connection *remote)
{
int ret = 0;
@ -1107,6 +1108,7 @@ static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const
return length + sizeof(*tlv);
}
/* Note: <remote> is explicitly allowed to be NULL */
int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote)
{
const char pp2_signature[] = PP2_SIGNATURE;
@ -1191,7 +1193,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_CRC32C, sizeof(zero_crc32c), (const char *)&zero_crc32c);
}
if (conn_get_alpn(remote, &value, &value_len)) {
if (remote && conn_get_alpn(remote, &value, &value_len)) {
if ((buf_len - ret) < sizeof(struct tlv))
return 0;
ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_ALPN, value_len, value);