From: Christopher Faulet Date: Mon, 28 Feb 2022 10:49:02 +0000 (+0100) Subject: BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks X-Git-Tag: v2.6-dev3~107 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ab8438362e9c37338350984afb76b393769f998;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks When an HTTP health-check is performed in FCGI, we must not rely on the SI source and destination addresses to set default parameters (REMOTE_ADDR/REMOTE_PORT and SERVER_NAME/SERVER_PORT) because the backend conn-stream is not attached to a stream but to a healt-check. Thus, there is no stream-interface. In addition, there is no client connection because it is an "internal" session. Thus, for now, in this case, there is only the server connection that can be used. So src/dst addresses are retrieved from the server connection when the CS application is a health-check. This patch should solve issue #1572. It must be backported to 2.5. Note than the CS api has changed. Thus, on HAProxy 2.5, we should test the session's origin instead: const struct sockaddr_storage *src = (cs_check(fstrm->cs) ? ...); const struct sockaddr_storage *dst = (cs_check(fstrm->cs) ? ...); --- diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index 419f084891..b5b2807492 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c @@ -1230,8 +1230,8 @@ static int fcgi_set_default_param(struct fcgi_conn *fconn, struct fcgi_strm *fst struct fcgi_strm_params *params) { struct connection *cli_conn = objt_conn(fstrm->sess->origin); - const struct sockaddr_storage *src = si_src(si_opposite(cs_si(fstrm->cs))); - const struct sockaddr_storage *dst = si_dst(si_opposite(cs_si(fstrm->cs))); + const struct sockaddr_storage *src = (cs_check(fstrm->cs) ? conn_src(fconn->conn) : si_src(si_opposite(cs_si(fstrm->cs)))); + const struct sockaddr_storage *dst = (cs_check(fstrm->cs) ? conn_dst(fconn->conn) : si_dst(si_opposite(cs_si(fstrm->cs)))); struct ist p; if (!sl)