LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3217 Commits
1 Branch
46 MiB
Tree: 54e6887881
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '54e6887881'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/0007-BUG-MAJOR-checks-alway...

90 lines
3.5 KiB
Raw Normal View History

haproxy: add patches from upstream - [PATCH 1/2] BUG/MEDIUM: stats: properly initialize the scope before - [PATCH 2/2] BUG/MEDIUM: http: don't forward client shutdown without - [PATCH 3/8] BUG/MINOR: check: fix tcpcheck error message - [PATCH 4/8] CLEANUP: checks: fix double usage of cur / current_step - [PATCH 5/8] BUG/MEDIUM: checks: do not dereference head of a - [PATCH 6/8] CLEANUP: checks: simplify the loop processing of - [PATCH 7/8] BUG/MAJOR: checks: always check for end of list before - [PATCH 8/8] BUG/MEDIUM: checks: do not dereference a list as a - [PATCH 09/10] BUG/MEDIUM: peers: apply a random reconnection timeout - [PATCH 10/10] DOC: Update doc about weight, act and bck fields in the - [PATCH 11/14] MINOR: ssl: add a destructor to free allocated SSL - [PATCH 12/14] BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value - [PATCH 13/14] BUG/MINOR: cfgparse: fix typo in 'option httplog' error - [PATCH 14/14] BUG/MEDIUM: cfgparse: segfault when userlist is misused Signed-off-by: heil <heil@terminal-consulting.de>
10 years ago
 
  1. From 97fccc87f1297d189ee80735e5b8746c34956eda Mon Sep 17 00:00:00 2001
  2. From: Willy Tarreau <w@1wt.eu>
  3. Date: Wed, 13 May 2015 12:08:21 +0200
  4. Subject: [PATCH 7/8] BUG/MAJOR: checks: always check for end of list before
  5.  proceeding
  6. 

  7. This is the most important fix of this series. There's a risk of endless
  8. loop and crashes caused by the fact that we go past the head of the list
  9. when skipping to next rule, without checking if it's still a valid element.
  10. Most of the time, the ->action field is checked, which points to the proxy's
  11. check_req pointer (generally NULL), meaning the element is confused with a
  12. TCPCHK_ACT_SEND action.
  13. 

  14. The situation was accidently made worse with the addition of tcp-check
  15. comment since it also skips list elements. However, since the action that
  16. makes it go forward is TCPCHK_ACT_COMMENT (3), there's little chance to
  17. see this as a valid pointer, except on 64-bit machines where it can match
  18. the end of a check_req string pointer.
  19. 

  20. This fix heavily depends on previous cleanup and both must be backported
  21. to 1.5 where the bug is present.
  22. (cherry picked from commit f2c87353a7f8160930b5f342bb6d6ad0991ee3d1)
  23. [wt: this patch differs significantly from 1.6 since we don't have comments]
  24. ---

  25.  src/cfgparse.c |  4 +++-
  26.  src/checks.c   | 12 ++++++++++++
  27.  2 files changed, 15 insertions(+), 1 deletion(-)
  28. 

  29. diff --git a/src/cfgparse.c b/src/cfgparse.c

  30. index 746c7eb..dba59d1 100644

  31. --- a/src/cfgparse.c

  32. +++ b/src/cfgparse.c

  33. @@ -4368,7 +4368,9 @@ stats_error_parsing:

  34.  			l = (struct list *)&curproxy->tcpcheck_rules;
  35.  			if (l->p != l->n) {
  36.  				tcpcheck = (struct tcpcheck_rule *)l->n;
  37. -				if (tcpcheck && tcpcheck->action != TCPCHK_ACT_CONNECT) {

  38. +

  39. +				if (&tcpcheck->list != &curproxy->tcpcheck_rules

  40. +				    && tcpcheck->action != TCPCHK_ACT_CONNECT) {

  41.  					Alert("parsing [%s:%d] : first step MUST also be a 'connect' when there is a 'connect' step in the tcp-check ruleset.\n",
  42.  					      file, linenum);
  43.  					err_code |= ERR_ALERT | ERR_FATAL;
  44. diff --git a/src/checks.c b/src/checks.c

  45. index a0c42f2..e13d561 100644

  46. --- a/src/checks.c

  47. +++ b/src/checks.c

  48. @@ -2057,6 +2057,9 @@ static void tcpcheck_main(struct connection *conn)

  49.  			/* allow next rule */
  50.  			check->current_step = (struct tcpcheck_rule *)check->current_step->list.n;
  51.  
  52. +			if (&check->current_step->list == head)

  53. +				break;

  54. +

  55.  			/* don't do anything until the connection is established */
  56.  			if (!(conn->flags & CO_FL_CONNECTED)) {
  57.  				/* update expire time, should be done by process_chk */
  58. @@ -2110,6 +2113,9 @@ static void tcpcheck_main(struct connection *conn)

  59.  
  60.  			/* go to next rule and try to send */
  61.  			check->current_step = (struct tcpcheck_rule *)check->current_step->list.n;
  62. +

  63. +			if (&check->current_step->list == head)

  64. +				break;

  65.  		} /* end 'send' */
  66.  		else if (check->current_step->action == TCPCHK_ACT_EXPECT) {
  67.  			if (unlikely(check->result == CHK_RES_FAILED))
  68. @@ -2196,6 +2202,9 @@ static void tcpcheck_main(struct connection *conn)

  69.  					/* allow next rule */
  70.  					check->current_step = (struct tcpcheck_rule *)check->current_step->list.n;
  71.  
  72. +					if (&check->current_step->list == head)

  73. +						break;

  74. +

  75.  					if (check->current_step->action == TCPCHK_ACT_EXPECT)
  76.  						goto tcpcheck_expect;
  77.  					__conn_data_stop_recv(conn);
  78. @@ -2208,6 +2217,9 @@ static void tcpcheck_main(struct connection *conn)

  79.  					/* allow next rule */
  80.  					check->current_step = (struct tcpcheck_rule *)check->current_step->list.n;
  81.  
  82. +					if (&check->current_step->list == head)

  83. +						break;

  84. +

  85.  					if (check->current_step->action == TCPCHK_ACT_EXPECT)
  86.  						goto tcpcheck_expect;
  87.  					__conn_data_stop_recv(conn);
  88. -- 

  89. 2.0.5
  90.