BUG/MINOR: backend: do not call smp_make_safe for sni conn hash

conn_hash_prehash does not need a nul-terminated string, thus it is only
needed to test if the sni sample is not null before using it as
connection hash input.

Moreover, a bug could be introduced between smp_make_safe and
ssl_sock_set_servername call. Indeed, smp_make_safe may call smp_dup
which duplicates the sample in the trash buffer. If another function
manipulates the trash buffer before the call to ssl_sock_set_servername,
the sni sample might be erased. Currently, no function seems to do that
except make_proxy_line in case proxy protocol is used simultaneously
with the sni on the server.

This does not need to be backported.

diff --git a/src/backend.c b/src/backend.c
index 5f6f03863996815810b1a8aae2a8acf344434b0e..e2fa3c35a9ded1463a8b7a8300cb05903d97f1ca 100644 (file)
--- a/src/backend.c
+++ b/src/backend.c
@@ -1289,7 +1289,12 @@ int connect_server(struct stream *s)
                sni_smp = sample_fetch_as_type(s->be, s->sess, s,
                                               SMP_OPT_DIR_REQ | SMP_OPT_FINAL,
                                               srv->ssl_ctx.sni, SMP_T_STR);
-               if (smp_make_safe(sni_smp)) {
+
+               /* only test if the sample is not null as smp_make_safe (called
+                * before ssl_sock_set_servername) can only fails if this is
+                * not the case
+                */
+               if (sni_smp) {
                        sni_hash = conn_hash_prehash(sni_smp->data.u.str.area,
                                                     sni_smp->data.u.str.data);
                        hash_params.sni_prehash = &sni_hash;