From: Amaury Denoyelle Date: Fri, 22 Jan 2021 15:47:46 +0000 (+0100) Subject: MINOR: connection: use the srv pointer for the srv conn hash X-Git-Tag: v2.4-dev8~72 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1a58aca84ed899da3b9b28445156ba1f5f1b9005;p=thirdparty%2Fhaproxy.git MINOR: connection: use the srv pointer for the srv conn hash The pointer of the target server is used as a first parameter for the server connection hash calcul. This prevents the hash to be null when no specific parameters are present, and can serve as a simple defense against an attacker trying to reuse a non-conform connection. --- diff --git a/include/haproxy/connection-t.h b/include/haproxy/connection-t.h index dd52bd3a7e..a8239b43fe 100644 --- a/include/haproxy/connection-t.h +++ b/include/haproxy/connection-t.h @@ -487,6 +487,7 @@ enum conn_hash_params_t { * connection hash. */ struct conn_hash_params { + struct server *srv; }; /* This structure describes a connection with its methods and data. diff --git a/src/backend.c b/src/backend.c index 4b2c9f8272..4879940ba2 100644 --- a/src/backend.c +++ b/src/backend.c @@ -1251,15 +1251,18 @@ int connect_server(struct stream *s) /* first, set unique connection parameters and then calculate hash */ memset(&hash_params, 0, sizeof(hash_params)); - hash = conn_calculate_hash(&hash_params); + + srv = objt_server(s->target); + hash_params.srv = srv; + + if (srv) + hash = conn_calculate_hash(&hash_params); /* This will catch some corner cases such as lying connections resulting from * retries or connect timeouts but will rarely trigger. */ si_release_endpoint(&s->si[1]); - srv = objt_server(s->target); - /* do not reuse if mode is http or if avail list is not allocated */ if ((s->be->mode != PR_MODE_HTTP) || (srv && !srv->available_conns_tree)) goto skip_reuse; diff --git a/src/connection.c b/src/connection.c index f5dbffbc19..3656b36366 100644 --- a/src/connection.c +++ b/src/connection.c 
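Review bot: The new `srv` member of `struct conn_hash_params` carries no comment saying it serves only as an identity value, and it is declared non-const even though the one visible consumer, the `conn_hash_update()` call in src/connection.c, reads just the pointer's bytes. Declaring it as `const struct server *srv; /* target server: hashed by address, never dereferenced */` would record that contract. Confirm that no other user of the struct needs a mutable pointer before changing the qualifier.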
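Review bot: When `objt_server(s->target)` returns NULL, the new `if (srv)` guard skips the call and `hash` keeps whatever value it already had. Its declaration is outside this hunk, so it cannot be seen whether it starts at a defined value. If any later lookup in `connect_server()` reads `hash` on a path where `srv` is NULL, the key would be indeterminate, or a constant shared by every such stream. Assigning on both branches removes the question: `hash = srv ? conn_calculate_hash(&hash_params) : 0;`, with a comment stating which value the no-server case is expected to produce. `connect_server()` starts before and continues past this hunk, so the later uses of `hash` should be checked there.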
@@ -1421,6 +1421,8 @@ XXH64_hash_t conn_calculate_hash(const struct conn_hash_params *params) buf = trash.area; + conn_hash_update(buf, &idx, ¶ms->srv, sizeof(params->srv), &hash_flags, 0); + hash = conn_hash_digest(buf, idx, hash_flags); return hash; }
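Review bot: The commit message presents the server pointer as a defense against reusing a non-conforming connection, but the new `conn_hash_update()` call only mixes a plain address into what the `XXH64_hash_t` return type suggests is an unkeyed, non-cryptographic hash. That keeps the hash non-zero and separates servers, but it is not collision-resistant. If the reuse lookup treats equal hashes as equal parameters (not visible here), parameters with security meaning should still be compared explicitly on a match. The literal `0` passed as the last argument deserves a comment such as `/* srv is always hashed, so it has no bit in hash_flags */`, assuming that is the intent. Whether `conn_hash_update()` bounds `idx` against the size of `trash.area` cannot be seen from this hunk and is worth confirming as more parameters are appended.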