BUG/MINOR: errors: invalid use of memprintf in startup_logs_init()

On startup/reload, startup_logs_init() will try to export startup logs shm
filedescriptor through the internal HAPROXY_STARTUPLOGS_FD env variable.

While memprintf() is used to prepare the string to be exported via
setenv(), str_fd argument (first argument passed to memprintf()) could
be non NULL as a result of HAPROXY_STARTUPLOGS_FD env variable being
already set.

Indeed: str_fd is already used earlier in the function to store the result
of getenv("HAPROXY_STARTUPLOGS_FD").

The issue here is that memprintf() is designed to free the 'out' argument
if out != NULL, and here we don't expect str_fd to be freed since it was
provided by getenv() and would result in memory violation.

To prevent any invalid free, we must ensure that str_fd is set to NULL
prior to calling memprintf().

This must be backported in 2.7 with eba6a54cd4 ("MINOR: logs: startup-logs
can use a shm for logging the reload")

diff --git a/src/errors.c b/src/errors.c
index 8221adb0e0d40b44929c666a1599d9c143f2a207..ba4b8ced546db6a02ad6d9d6ee7824008c88a90a 100644 (file)
--- a/src/errors.c
+++ b/src/errors.c
@@ -145,6 +145,7 @@ void startup_logs_init()
                if (!r)
                        goto error;
 
+               str_fd = NULL;
                memprintf(&str_fd, "%d", fd);
                setenv("HAPROXY_STARTUPLOGS_FD", str_fd, 1);
                ha_free(&str_fd);