From: Willy Tarreau Date: Thu, 10 Jul 2025 14:42:42 +0000 (+0200) Subject: CLEANUP: server: be sure never to compare src against a non-existing defsrv X-Git-Tag: v3.3-dev4~87 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2414c5ce2f057bcfa10c7b76fa9444f648c37c2d;p=thirdparty%2Fhaproxy.git CLEANUP: server: be sure never to compare src against a non-existing defsrv The test in srv_ssl_settings_cpy() comparing src to the server's proxy's default server does work but it's a subtle trap. Indeed, no check is made on srv->proxy to be valid, and this only works because the compiler is comparing pointer offsets. During the boot, it's common to have NULL here in srv->proxy and of course in this case srv does not match that value which is NULL plus epsilon. But when trying to turn defsrv to a dynamic pointer instead, then the compiler is forced to dereference this NULL srv->proxy and dies during init. Let's always add the null check for srv->proxy before the test to avoid this situation. No backport is needed since the problem cannot happen yet. --- diff --git a/src/server.c b/src/server.c index c77ff5e48..272219534 100644 --- a/src/server.c +++ b/src/server.c @@ -2706,7 +2706,7 @@ static void srv_ssl_settings_cpy(struct server *srv, const struct server *src) /* is the current proxy's default server and SSL is enabled */ BUG_ON(src->ssl_ctx.ctx != NULL); /* the SSL_CTX must never be initialized in a default-server */ - if (src == &srv->proxy->defsrv && src->use_ssl == 1) + if (srv->proxy && src == &srv->proxy->defsrv && src->use_ssl == 1) srv->flags |= SRV_F_DEFSRV_USE_SSL; if (src->ssl_ctx.ca_file != NULL)