From 24da7e1aa6dba2dd97ec02245d80c619f5114abe Mon Sep 17 00:00:00 2001 From: Thayne McCombs Date: Tue, 5 Jan 2021 23:10:09 -0700 Subject: [PATCH] BUG/MEDIUM: server: srv_set_addr_desc() crashes when a server has no address GitHub Issue #1026 reported a crash during configuration check for the following example config: backend 0 server 0 0 server 0 0 HAProxy crashed in srv_set_addr_desc() due to a NULL pointer dereference caused by `sa2str` returning NULL for an `AF_UNSPEC` address (`0`). Check to make sure the address key is non-null before using it for comparison or inserting it into the tree. The crash was introduced in commit 92149f9a8 ("MEDIUM: stick-tables: Add srvkey option to stick-table") which not in any released version so no backport is needed. Cc: Tim Duesterhus --- src/server.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/server.c b/src/server.c index 50c6da131..d1aa51dc8 100644 --- a/src/server.c +++ b/src/server.c @@ -204,7 +204,7 @@ static void srv_set_addr_desc(struct server *s) key = sa2str(&s->addr, s->svc_port, s->flags & SRV_F_MAPPORTS); if (s->addr_node.key) { - if (strcmp(key, s->addr_node.key) == 0) { + if (key && strcmp(key, s->addr_node.key) == 0) { free(key); return; } @@ -218,9 +218,11 @@ static void srv_set_addr_desc(struct server *s) s->addr_node.key = key; - HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); - ebis_insert(&p->used_server_addr, &s->addr_node); - HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock); + if (s->addr_node.key) { + HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock); + ebis_insert(&p->used_server_addr, &s->addr_node); + HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock); + } } /*