From 886a248be4d480a095b6aac40b28d8386b79d9c2 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Mon, 25 Aug 2025 08:14:46 +0200 Subject: [PATCH] BUG/MEDIUM: mux-spop: Reject connection attempts from a non-spop frontend It is possible to crash the process by initializing a connection to a SPOP server from a non-spop frontend. It is of course unexpected and invalid. And there are some checks to prevent that when the configuration is loaded. However, it is not possible to handle all cases, especially the "use_backend" rules relying on log-format strings. It could be good to improve the backend selection by checking the mode compatibility (for now, it is only performed for the HTTP). But at the end, this can also be handled by the SPOP multiplexer when it is initialized. If the opposite SD is not attached to an SPOE agent, we should fail the mux initialization and return an internal error. This patch must be backported as far as 3.1. --- src/mux_spop.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/mux_spop.c b/src/mux_spop.c index 10355f148..95000e02b 100644 --- a/src/mux_spop.c +++ b/src/mux_spop.c @@ -712,10 +712,13 @@ static int spop_init(struct connection *conn, struct proxy *px, struct session * sdo = spop_strm_opposite_sd(spop_strm); if (sdo) { spop_conn->agent = spoe_appctx_agent(sc_appctx(sdo->sc)); + if (!spop_conn->agent) { + TRACE_ERROR("not a SPOP stream", SPOP_EV_SPOP_CONN_NEW|SPOP_EV_SPOP_CONN_END|SPOP_EV_SPOP_CONN_ERR, spop_conn->conn); + goto fail; + } spop_conn->max_frame_size = spop_conn->agent->max_frame_size; if (spop_conn->agent->flags & SPOE_FL_PIPELINING) spop_conn->streams_limit = 20; - BUG_ON(!spop_conn->agent); } /* Repare to read something */