You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

40 lines
1.6 KiB

  1. commit ed3951cf6d9c7846fc780042fdddc194dda47c8d
  2. Author: Ricardo Nabinger Sanchez <rnsanchez@taghos.com.br>
  3. Date: Thu Mar 28 21:42:23 2019 -0300
  4. BUG/MAJOR: checks: segfault during tcpcheck_main
  5. When using TCP health checks (tcp-check connect), it is possible to
  6. crash with a segfault when, for reasons yet to be understood, the
  7. protocol family is unknown.
  8. In the function tcpcheck_main(), proto is dereferenced without a prior
  9. test in case it is NULL, leading to the segfault during proto->connect
  10. dereference.
  11. The line has been unmodified since it was introduced, in commit
  12. 69e273f3fcfbfb9cc0fb5a09668faad66cfbd36b. This was the only use of
  13. proto (or more specifically, the return of protocol_by_family()) that
  14. was unprotected; all other callsites perform the test for a NULL
  15. pointer.
  16. This patch should be backported to 1.9, 1.8, 1.7, and 1.6.
  17. (cherry picked from commit 4bccea98912c74fa42c665ec25e417c2cca4eee7)
  18. Signed-off-by: Willy Tarreau <w@1wt.eu>
  19. (cherry picked from commit 2cefb36087f240b66b2aa4824a317ef5f9b85e68)
  20. Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
  21. diff --git a/src/checks.c b/src/checks.c
  22. index e04f1146..fdebf931 100644
  23. --- a/src/checks.c
  24. +++ b/src/checks.c
  25. @@ -2771,7 +2771,7 @@ static int tcpcheck_main(struct check *check)
  26. conn_install_mux(conn, &mux_pt_ops, cs);
  27. ret = SF_ERR_INTERNAL;
  28. - if (proto->connect)
  29. + if (proto && proto->connect)
  30. ret = proto->connect(conn,
  31. 1 /* I/O polling is always needed */,
  32. (next && next->action == TCPCHK_ACT_EXPECT) ? 0 : 2);