From: Olivier Houchard <cognet@ci0.org>
Date: Sat, 20 Oct 2018 23:33:11 +0000 (+0200)
Subject: BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
X-Git-Tag: v1.9-dev4~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=62975a7740cba4bdaf1c096dd246feba854d2410;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.

When mapping memory with mmap(), we should use a fd of -1, not 0. 0 may
work on linux, but it doesn't work on FreeBSD, and probably other OSes.

It would be nice to backport this to 1.8 to help debugging there.
---

diff --git a/include/common/memory.h b/include/common/memory.h
index 5fde4bcddc..2301e3ad53 100644
--- a/include/common/memory.h
+++ b/include/common/memory.h
@@ -394,12 +394,13 @@ static inline void pool_free_area(void *area, size_t __maybe_unused size)
  * some padding is added, the area's start address is copied at the end of the
  * padding to help detect underflows.
  */
+#include <errno.h>
 static inline void *pool_alloc_area(size_t size)
 {
 	size_t pad = (4096 - size) & 0xFF0;
 	void *ret;
 
-	ret = mmap(NULL, (size + 4095) & -4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
+	ret = mmap(NULL, (size + 4095) & -4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
 	if (ret == MAP_FAILED)
 		return NULL;
 	if (pad >= sizeof(void *))