From: Aurelien DARRAGON Date: Wed, 5 Mar 2025 11:01:34 +0000 (+0100) Subject: BUG/MINOR: log: set proper smp size for balance log-hash X-Git-Tag: v3.2-dev7~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=94a9b0f5deabd49020c8ff535a3404494345b399;p=thirdparty%2Fhaproxy.git BUG/MINOR: log: set proper smp size for balance log-hash result.data.u.str.size was set to size+1 to take into account terminating NULL byte as per the comment. But this is wrong because the caller is free to set size to just the right amount of bytes (without terminating NULL byte). In fact all smp API functions will not read past str.data so there is not risk about uninitialized reads, but this leaves an ambiguity for converters that may use all the smp size to perform transformations, and since we don't know about the "message" memory origin, we cannot assume that its size may be greater than size. So we max it out to size just to be safe. This bug was not known to cause any issue, it was spotted during code review. It should be backported in 2.9 with b30bd7a ("MEDIUM: log/balance: support for the "hash" lb algorithm") --- diff --git a/src/log.c b/src/log.c index c310c344c..6be7fd222 100644 --- a/src/log.c +++ b/src/log.c @@ -2868,8 +2868,7 @@ static inline void __do_send_log_backend(struct proxy *be, struct log_header hdr result.data.type = SMP_T_STR; result.flags = SMP_F_CONST; result.data.u.str.area = message; - result.data.u.str.data = size; - result.data.u.str.size = size + 1; /* with terminating NULL byte */ + result.data.u.str.data = result.data.u.str.size = size; if (sample_process_cnv(be->lbprm.expr, &result)) { /* gen_hash takes binary input, ensure that we provide such value to it */ if (result.data.type == SMP_T_BIN || sample_casts[result.data.type][SMP_T_BIN]) {