BUG/MINOR: config: don't propagate process binding on fatal errors.

propagate_processes() must not be called with unresolved proxies, but
nothing prevents it from being called in check_config_validity(). The
resulting effect is that an unresolved proxy can cause a recursion
loop if called in such a situation, ending with a segfault after the
fatal error report. There's no side effect beyond this.

This patch refrains from calling the function when any error was met.

This bug also affects 1.5, it should be backported.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 133ef601e718fb98b2770930e637587487d7053f..a5af90b24a120d9276d383251d5a15a07f92d0bc 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -7246,10 +7246,14 @@ out_uri_auth_compat:
                        global.stats_fe->bind_proc = ~0UL;
        }
 
-       /* propagate bindings from frontends to backends */
-       for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
-               if (curproxy->cap & PR_CAP_FE)
-                       propagate_processes(curproxy, NULL);
+       /* propagate bindings from frontends to backends. Don't do it if there
+        * are any fatal errors as we must not call it with unresolved proxies.
+        */
+       if (!cfgerr) {
+               for (curproxy = proxy; curproxy; curproxy = curproxy->next) {
+                       if (curproxy->cap & PR_CAP_FE)
+                               propagate_processes(curproxy, NULL);
+               }
        }
 
        /* Bind each unbound backend to all processes when not specified. */