mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 14:21:25 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request

Browse Source 
Some ssl samples cause a segfault when the stream is not instantiated,
for example during an invalid HTTP request. A new check is added to
prevent the stream dereferencing if NULL.

This is the list of the affected samples :
- ssl_s_chain_der
- ssl_s_der
- ssl_s_i_dn
- ssl_s_key_alg
- ssl_s_notafter
- ssl_s_notbefore
- ssl_s_s_dn
- ssl_s_serial
- ssl_s_sha1
- ssl_s_sig_alg
- ssl_s_version

This bug can be reproduced easily by using one of these samples in a
log-format string. Emit an invalid HTTP request with an HTTP client to
trigger the crash.

This bug has been reported in redmine issue 3913.

This must be backported up to 2.2.
This commit is contained in:
Amaury Denoyelle 2021-07-21 11:50:12 +02:00
parent 534197c721
commit 5fcd428c35
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/ssl_sample.c
View File

@ -101,7 +101,7 @@ smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw,
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
@ -156,7 +156,7 @@ smp_fetch_ssl_x_chain_der(const struct arg *args, struct sample *smp, const char
int i; int i;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
@ -219,7 +219,7 @@ smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *k
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
ssl = ssl_sock_get_ssl_object(conn); ssl = ssl_sock_get_ssl_object(conn);
@ -272,7 +272,7 @@ smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw,
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
@ -323,7 +323,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
@ -375,7 +375,7 @@ smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw,
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
@ -443,7 +443,7 @@ smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
@ -495,7 +495,7 @@ smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw,
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
@ -592,7 +592,7 @@ smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
ssl = ssl_sock_get_ssl_object(conn); ssl = ssl_sock_get_ssl_object(conn);
@ -637,7 +637,7 @@ smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
@ -694,7 +694,7 @@ smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *
SSL *ssl; SSL *ssl;
if (conn_server) if (conn_server)
conn = cs_conn(objt_cs(smp->strm->si[1].end)); conn = smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
else else
conn = objt_conn(smp->sess->origin); conn = objt_conn(smp->sess->origin);
ssl = ssl_sock_get_ssl_object(conn); ssl = ssl_sock_get_ssl_object(conn);