From: Willy Tarreau <w@1wt.eu>
Date: Wed, 24 Dec 2014 12:47:55 +0000 (+0100)
Subject: BUG/MAJOR: namespaces: conn->target is not necessarily a server
X-Git-Tag: v1.6-dev1~235
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=529c13933b1007cf75d38140f569e6f5e2c99e78;p=thirdparty%2Fhaproxy.git

BUG/MAJOR: namespaces: conn->target is not necessarily a server

create_server_socket() used to dereference objt_server(conn->target),
but if the target is not a server (eg: a proxy) then it's NULL and we
get a segfault. This can be reproduced with a proxy using "dispatch"
with no server, even when namespaces are disabled, because that code
is not #ifdef'd. The fix consists in first checking if the target is
a server.

This fix does not need to be backported, this is 1.6-only.
---

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index afb9e155a2..66d8b9db27 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -250,11 +250,16 @@ int tcp_bind_socket(int fd, int flags, struct sockaddr_storage *local, struct so
 
 static int create_server_socket(struct connection *conn)
 {
-	const struct netns_entry *ns = objt_server(conn->target)->netns;
-
-	if (objt_server(conn->target)->flags & SRV_F_USE_NS_FROM_PP)
-		ns = conn->proxy_netns;
+	const struct netns_entry *ns = NULL;
 
+#ifdef CONFIG_HAP_NS
+	if (objt_server(conn->target)) {
+		if (__objt_server(conn->target)->flags & SRV_F_USE_NS_FROM_PP)
+			ns = conn->proxy_netns;
+		else
+			ns = __objt_server(conn->target)->netns;
+	}
+#endif
 	return my_socketat(ns, conn->addr.to.ss_family, SOCK_STREAM, IPPROTO_TCP);
 }