BUG/MEDIUM: proxy: Perform a custom copy for default server settings

When a proxy is initialized with the settings of the default proxy, instead of doing a raw copy of the default server settings, a custom copy is now performed by calling srv_settings_copy(). This way, all settings will be really duplicated. Without this deep copy, some pointers are shared between several servers, leading to UAF, double-free or such bugs. This patch relies on following commits: * b32cb9b51 REORG: server: Export srv_settings_cpy() function * 0b365e3cb MINOR: server: Constify source server to copy its settings This patch should fix the issue #1804. It must be backported as far as 2.0.
2025-09-21 05:41:26 +02:00 · 2022-08-03 11:31:55 +02:00 · 2022-08-03 11:31:55 +02:00 · 6bb86539db
commit 6bb86539db
parent b32cb9b515
1 changed files with 1 additions and 1 deletions
--- a/src/proxy.c
+++ b/src/proxy.c
@ -1631,7 +1631,7 @@ static int proxy_defproxy_cpy(struct proxy *curproxy, const struct proxy *defpro
 	char *tmpmsg = NULL;

 	/* set default values from the specified default proxy */
-	memcpy(&curproxy->defsrv, &defproxy->defsrv, sizeof(curproxy->defsrv));
+	srv_settings_cpy(&curproxy->defsrv, &defproxy->defsrv, 0);

 	curproxy->flags = (defproxy->flags & PR_FL_DISABLED); /* Only inherit from disabled flag */
 	curproxy->options = defproxy->options;