mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-23 06:41:32 +02:00
8436c910f5
In http_build_7239_header_nodename(), ip6 address dumping is performed at a single place to prevent code duplication: A goto statement combined with a local pointer variable (ip6_addr) were used to perform ipv6 dump from different calling places inside the function. However, when the goto was performed (ie: sample expression handling), ip6_addr pointer was assigned to limited scope variable's address that is not valid within the dumping code. Because of this, we have an undefined behavior that could result in a bug or a crash depending on the platform that is running haproxy. This was found by Coverity (GH #2018) To fix this, we add a simple ip6 printing helper that takes the ip6_addr pointer as an argument. This prevents any scope related bug as the function is executed under the proper context. if/else guards inside the function were reviewed to make sure that the goto removal won't affect existing behavior. ---------- No backport needed, except if the commit ("MINOR: proxy/http_ext: introduce proxy forwarded option") is backported. Given that this commit needs to be backported with "MINOR: proxy/http_ext: introduce proxy forwarded option", We're using it as a reminder for another bug that was introduced with "MINOR: proxy/http_ext: introduce proxy forwarded option" but has been silently fixed since with "MEDIUM: proxy/http_ext: implement dynamic http_ext". If "MINOR: proxy/http_ext: introduce proxy forwarded option" needs to be backported without "MEDIUM: proxy/http_ext: implement dynamic http_ext", you should manually apply the following patch on top of it: | diff --git a/src/http_ext.c b/src/http_ext.c | index fcb5a07bc..3921357a3 100644 | --- a/src/http_ext.c | +++ b/src/http_ext.c | @@ -609,7 +609,7 @@ static inline void http_build_7239_header_node(struct buffer *out, | if (forby->np_mode) | chunk_appendf(out, "\""); | offset_save = out->data; | - http_build_7239_header_node(out, s, curproxy, addr, &curproxy->http.fwd.p_by); | + http_build_7239_header_nodename(out, s, curproxy, addr, forby); | if (offset_save == out->data) { | /* could not build nodename, either because some | * data is not available or user is providing bad input | @@ -619,7 +619,7 @@ static inline void http_build_7239_header_node(struct buffer *out, | if (forby->np_mode) { | chunk_appendf(out, ":"); | offset_save = out->data; | - http_build_7239_header_nodeport(out, s, curproxy, addr, &curproxy->http.fwd.p_by); | + http_build_7239_header_nodeport(out, s, curproxy, addr, forby); | if (offset_save == out->data) { | /* could not build nodeport, either because some data is | * not available or user is providing bad input (If you don't, forwarded option won't work properly and will crash haproxy (stack overflow) when building 'for' or 'by' parameter)
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)