mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 06:11:32 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: mworker-prog: Fix segmentation fault during cfgparse

Browse Source 
Consider this configuration:

    frontend fe_http
    	mode http
    	bind *:8080

    	default_backend be_http

    backend be_http
    	mode http
    	server example example.com:80

    program foo bar

Running with valgrind results in:

    ==16252== Invalid read of size 8
    ==16252==    at 0x52AE3F: cfg_parse_program (mworker-prog.c:233)
    ==16252==    by 0x4823B3: readcfgfile (cfgparse.c:2180)
    ==16252==    by 0x47BCED: init (haproxy.c:1649)
    ==16252==    by 0x404E22: main (haproxy.c:2714)
    ==16252==  Address 0x48 is not stack'd, malloc'd or (recently) free'd

Check whether `ext_child` is valid before attempting to free it and its
contents.

This bug was introduced in 9a1ee7ac31c56fd7d881adf2ef4659f336e50c9f.
This fix must be backported to HAProxy 2.0.
This commit is contained in:
Tim Duesterhus 2019-06-23 22:10:12 +02:00 committed by William Lallemand
parent 3c55efb7dd
commit 2c9e274f45
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/mworker-prog.c
View File

@ -230,6 +230,7 @@ int cfg_parse_program(const char *file, int linenum, char **args, int kwm)
return err_code; return err_code;
error: error:
if (ext_child) {
LIST_DEL(&ext_child->list); LIST_DEL(&ext_child->list);
if (ext_child->command) { if (ext_child->command) {
int i; int i;
@ -247,6 +248,7 @@ error:
free(ext_child->id); free(ext_child->id);
ext_child->id = NULL; ext_child->id = NULL;
} }
}
free(ext_child); free(ext_child);
ext_child = NULL; ext_child = NULL;