mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-03-15 12:01:37 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: proxy: detect strdup error on server auto SNI

Browse Source 
There was no check on the result of strdup() used to setup auto SNI on a
server instance during check config validity. In case of failure, the
error would be silently ignored as the following server_parse_exprs()
does nothing when <sni_expr> server field is NULL. Hence, no SNI would
be used on the server, without any error nor warning reported.

Fix this by adding a check on strdup() return value. On error, ERR_ABORT
is reported along with an alert, parsing should be interrupted as soon
as possible.

This must be backported up to 3.3. Note that the related code in this
case is present in cfgparse.c source file.
This commit is contained in:
Amaury Denoyelle 2026-02-19 16:04:04 +01:00
parent f5a182c7e7
commit 2b0fc33114
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/proxy.c
View File

@ -2543,6 +2543,13 @@ int proxy_finalize(struct proxy *px, int *err_code)
if (!newsrv->sni_expr && newsrv->proxy->mode == PR_MODE_HTTP &&
!(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) {
newsrv->sni_expr = strdup("req.hdr(host),field(1,:)");
if (!newsrv->sni_expr) {
ha_alert("parsing [%s:%d]: out of memory while generating server auto SNI expression.\n",
newsrv->conf.file, newsrv->conf.line);
cfgerr++;
*err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err = NULL;
if (server_parse_exprs(newsrv, px, &err)) {