From: Willy Tarreau Date: Wed, 27 Jun 2018 04:25:57 +0000 (+0200) Subject: MINOR: stick-tables: make stktable_release() do nothing on NULL X-Git-Tag: v1.9-dev1~183 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43e903553edc94bb9b33e965f37d8d218f7d1482;p=thirdparty%2Fhaproxy.git MINOR: stick-tables: make stktable_release() do nothing on NULL stktable_release() has been involved in two recent crashes by being used without enough care. Just like any free() function this one is often called on an exit path with a possibly unsafe argument. Given that there is another case (smp_fetch_sc_trackers()) which theorically could call it with an unchecked NULL, though it cannot happen since the function doesn't support being called with src_* hence cannot make use of tmpstkctr, let's rather move the check into the function itself to make it safer for the long term. This patch could be backported to 1.8 as a strengthening measure. --- diff --git a/src/stick_table.c b/src/stick_table.c index 8e16830d06..3c4e78309a 100644 --- a/src/stick_table.c +++ b/src/stick_table.c @@ -412,9 +412,11 @@ void stktable_touch_local(struct stktable *t, struct stksess *ts, int decrefcnt) ts->ref_cnt--; HA_SPIN_UNLOCK(STK_TABLE_LOCK, &t->lock); } -/* Just decrease the ref_cnt of the current session */ -void stktable_release(struct stktable *t, struct stksess *ts) +/* Just decrease the ref_cnt of the current session. Does nothing if is NULL */ +static void stktable_release(struct stktable *t, struct stksess *ts) { + if (!ts) + return; HA_SPIN_LOCK(STK_TABLE_LOCK, &t->lock); ts->ref_cnt--; HA_SPIN_UNLOCK(STK_TABLE_LOCK, &t->lock); @@ -875,8 +877,7 @@ static int sample_conv_in_table(const struct arg *arg_p, struct sample *smp, voi smp->data.type = SMP_T_BOOL; smp->data.u.sint = !!ts; smp->flags = SMP_F_VOL_TEST; - if (ts) - stktable_release(t, ts); + stktable_release(t, ts); return 1; } @@ -2014,7 +2015,7 @@ smp_fetch_sc_tracked(const struct arg *args, struct sample *smp, const char *kw, smp->data.u.sint = !!stkctr; /* release the ref count */ - if ((stkctr == &tmpstkctr) && stkctr_entry(stkctr)) + if ((stkctr == &tmpstkctr)) stktable_release(stkctr->table, stkctr_entry(stkctr)); return 1;