BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided

If an agent try to set a variable with the NULL data type, an unset is perform
instead to avoid undefined behaviors. Once decoded, such data are translated to
a sample with the type SMP_T_ANY. It is unexpected in HAProxy. When a variable
is set with such sample, no data are attached to the variable. Thus, when the
variable is retrieved later in the transaction, the sample data are
uninitialized, leading to undefined behaviors depending on how it is used. For
instance, it leads to a crash if the debug converter is used on such variable.

This patch should fix the issue #855. It must be backported as far as 1.8.

diff --git a/src/flt_spoe.c b/src/flt_spoe.c
index 62e535ef118834a545e0795841b8b1b29b26abcf..cf5fc7a4c0b4aad913265bdf7fe0c988fd7573fe 100644 (file)
--- a/src/flt_spoe.c
+++ b/src/flt_spoe.c
@@ -2368,7 +2368,10 @@ spoe_decode_action_set_var(struct stream *s, struct spoe_context *ctx,
                    ((struct spoe_config *)FLT_CONF(ctx->filter))->agent->var_pfx,
                    (int)sz, str);
 
-       spoe_set_var(ctx, scope, str, sz, &smp);
+       if (smp.data.type == SMP_T_ANY)
+               spoe_unset_var(ctx, scope, str, sz, &smp);
+       else
+               spoe_set_var(ctx, scope, str, sz, &smp);
 
        ret  = (p - *buf);
        *buf = p;