You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

40 lines
1.6 KiB

commit ed3951cf6d9c7846fc780042fdddc194dda47c8d
Author: Ricardo Nabinger Sanchez <rnsanchez@taghos.com.br>
Date: Thu Mar 28 21:42:23 2019 -0300
BUG/MAJOR: checks: segfault during tcpcheck_main
When using TCP health checks (tcp-check connect), it is possible to
crash with a segfault when, for reasons yet to be understood, the
protocol family is unknown.
In the function tcpcheck_main(), proto is dereferenced without a prior
test in case it is NULL, leading to the segfault during proto->connect
dereference.
The line has been unmodified since it was introduced, in commit
69e273f3fcfbfb9cc0fb5a09668faad66cfbd36b. This was the only use of
proto (or more specifically, the return of protocol_by_family()) that
was unprotected; all other callsites perform the test for a NULL
pointer.
This patch should be backported to 1.9, 1.8, 1.7, and 1.6.
(cherry picked from commit 4bccea98912c74fa42c665ec25e417c2cca4eee7)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 2cefb36087f240b66b2aa4824a317ef5f9b85e68)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/checks.c b/src/checks.c
index e04f1146..fdebf931 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -2771,7 +2771,7 @@ static int tcpcheck_main(struct check *check)
conn_install_mux(conn, &mux_pt_ops, cs);
ret = SF_ERR_INTERNAL;
- if (proto->connect)
+ if (proto && proto->connect)
ret = proto->connect(conn,
1 /* I/O polling is always needed */,
(next && next->action == TCPCHK_ACT_EXPECT) ? 0 : 2);