BUG/MEDIUM: tcp-check: don't rely on random memory contents

If "option tcp-check" is used and no "tcp-check" rule is specified, we
only look at rule->action which dereferences the proxy's memory and which
can randomly match TCPCHK_ACT_CONNECT or whatever else, causing a check
to fail. This bug is the result of an incorrect fix attempted in commit
f621bea ("BUG/MINOR: tcpcheck connect wrong behavior").

This fix must be backported into 1.5.

diff --git a/src/checks.c b/src/checks.c
index f6fb23d5f585d8c533fa03758e86738b0e8a8dfd..6a727286158f1e28097b81d0f2530cc309fca5fd 100644 (file)
--- a/src/checks.c
+++ b/src/checks.c
@@ -1442,7 +1442,7 @@ static int connect_conn_chk(struct task *t)
                set_host_port(&conn->addr.to, check->port);
        }
 
-       if (check->type == PR_O2_TCPCHK_CHK) {
+       if (check->type == PR_O2_TCPCHK_CHK && !LIST_ISEMPTY(&s->proxy->tcpcheck_rules)) {
                struct tcpcheck_rule *r = (struct tcpcheck_rule *) s->proxy->tcpcheck_rules.n;
                /* if first step is a 'connect', then tcpcheck_main must run it */
                if (r->action == TCPCHK_ACT_CONNECT) {