mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 15:47:01 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything

Browse Source 
In the case of a Lua sample-fetch or converter doesn't return any
value, an acces outside the Lua stack can be performed. This patch
check the stack size before converting the top value to a HAProxy
internal sample.

A workaround consist to check that a value value is always returned
with sample fetches and converters.

This patch should be backported in the version 1.6 and 1.7
This commit is contained in:
Thierry FOURNIER 2017-05-12 16:32:20 +02:00 committed by Willy Tarreau
parent 1bfc24ba03
commit fd80df11c3
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/hlua.c
View File

@ -5496,6 +5496,10 @@ static int hlua_sample_conv_wrapper(const struct arg *arg_p, struct sample *smp,
switch (hlua_ctx_resume(stream->hlua, 0)) {
/* finished. */
case HLUA_E_OK:
/* If the stack is empty, the function fails. */
if (lua_gettop(stream->hlua->T) <= 0)
return 0;
/* Convert the returned value in sample. */
hlua_lua2smp(stream->hlua->T, -1, smp);
lua_pop(stream->hlua->T, 1);
@ -5617,6 +5621,10 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
stream_int_retnclose(&stream->si[0], &msg);
return 0;
}
/* If the stack is empty, the function fails. */
if (lua_gettop(stream->hlua->T) <= 0)
return 0;
/* Convert the returned value in sample. */
hlua_lua2smp(stream->hlua->T, -1, smp);
lua_pop(stream->hlua->T, 1);