From cdce54c2b7490e57e8f5d4a40875724d4e790eec Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Tue, 12 Feb 2019 12:02:27 +0100
Subject: [PATCH] BUILD/MINOR: htx: fix some potential null-deref warnings with http_find_stline

http_find_stline() carefully verifies that it finds a start line otherwise returns NULL when not found. But a few calling functions ignore this NULL in return and dereference this pointer without checking. Let's add the test where needed in the callers. If it turns out that over the long term a start line is mandatory, then the test will be removed and the faulty function will have to be simplified. This must be backported to 1.9.
---
 src/http_htx.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/http_htx.c b/src/http_htx.c
index eb71354df..a8c87b766 100644
--- a/src/http_htx.c
+++ b/src/http_htx.c
@@ -220,6 +220,9 @@ int http_replace_req_meth(struct htx *htx, const struct ist meth)
 struct htx_sl *sl = http_find_stline(htx);
 struct ist uri, vsn;
 
+ if (!sl)
+ return 0;
+
 /* Start by copying old uri and version */
 chunk_memcat(temp, HTX_SL_REQ_UPTR(sl), HTX_SL_REQ_ULEN(sl)); /* uri */
 uri = ist2(temp->area, HTX_SL_REQ_ULEN(sl));
@@ -241,6 +244,9 @@ int http_replace_req_uri(struct htx *htx, const struct ist uri)
 struct htx_sl *sl = http_find_stline(htx);
 struct ist meth, vsn;
 
+ if (!sl)
+ return 0;
+
 /* Start by copying old method and version */
 chunk_memcat(temp, HTX_SL_REQ_MPTR(sl), HTX_SL_REQ_MLEN(sl)); /* meth */
 meth = ist2(temp->area, HTX_SL_REQ_MLEN(sl));
@@ -262,6 +268,9 @@ int http_replace_req_path(struct htx *htx, const struct ist path)
 struct ist meth, uri, vsn, p;
 size_t plen = 0;
 
+ if (!sl)
+ return 0;
+
 uri = htx_sl_req_uri(sl);
 p = http_get_path(uri);
 if (!p.ptr)
@@ -296,6 +305,9 @@ int http_replace_req_query(struct htx *htx, const struct ist query)
 struct ist meth, uri, vsn, q;
 int offset = 1;
 
+ if (!sl)
+ return 0;
+
 uri = htx_sl_req_uri(sl);
 q = uri;
 while (q.len > 0 && *(q.ptr) != '?') {
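Review bot: The new `if (!sl) return 0;` guard in http_replace_req_meth, repeated unchanged in http_replace_req_uri, http_replace_req_path, http_replace_req_query, http_replace_res_status and http_replace_res_reason, has no comment saying why a message may lack a start line or what 0 tells the caller. The commit message says the test may be removed later if a start line proves mandatory, so a one-line comment such as `/* no start line found: nothing to replace */` would keep that intent next to the code. The callers are outside this diff; it is worth confirming that each one checks the return value, because a rewrite that silently does nothing leaves the original method, URI, path or query in place for whatever processing follows. Each function's body starts and ends outside its hunk.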
@@ -337,6 +349,9 @@ int http_replace_res_status(struct htx *htx, const struct ist status)
 struct htx_sl *sl = http_find_stline(htx);
 struct ist vsn, reason;
 
+ if (!sl)
+ return 0;
+
 /* Start by copying old uri and version */
 chunk_memcat(temp, HTX_SL_RES_VPTR(sl), HTX_SL_RES_VLEN(sl)); /* vsn */
 vsn = ist2(temp->area, HTX_SL_RES_VLEN(sl));
@@ -358,6 +373,9 @@ int http_replace_res_reason(struct htx *htx, const struct ist reason)
 struct htx_sl *sl = http_find_stline(htx);
 struct ist vsn, status;
 
+ if (!sl)
+ return 0;
+
 /* Start by copying old uri and version */
 chunk_memcat(temp, HTX_SL_RES_VPTR(sl), HTX_SL_RES_VLEN(sl)); /* vsn */
 vsn = ist2(temp->area, HTX_SL_RES_VLEN(sl));
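Review bot: The context comment `/* Start by copying old uri and version */` right below the new guard in http_replace_res_status and http_replace_res_reason does not match the visible code, which copies only the response version via `HTX_SL_RES_VPTR`/`HTX_SL_RES_VLEN` (tagged `/* vsn */`). It looks carried over from the request-side functions. Since the patch edits the lines directly above it, changing it to `/* Start by copying old version */` would stop it misleading readers; if the part of http_replace_res_reason outside the hunk also copies the status, that function's comment should name it too. Both functions continue past the end of their hunks.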