From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 15 Oct 2020 14:08:30 +0000 (+0200)
Subject: BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided
X-Git-Tag: v2.3-dev7~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2469eba20fdc01f8ca95726a8c11feaaa8825027;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided

If an agent try to set a variable with the NULL data type, an unset is perform
instead to avoid undefined behaviors. Once decoded, such data are translated to
a sample with the type SMP_T_ANY. It is unexpected in HAProxy. When a variable
is set with such sample, no data are attached to the variable. Thus, when the
variable is retrieved later in the transaction, the sample data are
uninitialized, leading to undefined behaviors depending on how it is used. For
instance, it leads to a crash if the debug converter is used on such variable.

This patch should fix the issue #855. It must be backported as far as 1.8.
---

diff --git a/src/flt_spoe.c b/src/flt_spoe.c
index 62e535ef11..cf5fc7a4c0 100644
--- a/src/flt_spoe.c
+++ b/src/flt_spoe.c
@@ -2368,7 +2368,10 @@ spoe_decode_action_set_var(struct stream *s, struct spoe_context *ctx,
 		    ((struct spoe_config *)FLT_CONF(ctx->filter))->agent->var_pfx,
 		    (int)sz, str);
 
-	spoe_set_var(ctx, scope, str, sz, &smp);
+	if (smp.data.type == SMP_T_ANY)
+		spoe_unset_var(ctx, scope, str, sz, &smp);
+	else
+		spoe_set_var(ctx, scope, str, sz, &smp);
 
 	ret  = (p - *buf);
 	*buf = p;