From: Willy Tarreau Date: Mon, 22 Dec 2014 18:34:00 +0000 (+0100) Subject: BUG/MAJOR: stream-int: properly check the memory allocation return X-Git-Tag: v1.6-dev1~237 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a69fc9f803c05de93b03fc7d4a28d5c503c6d3c9;p=thirdparty%2Fhaproxy.git BUG/MAJOR: stream-int: properly check the memory allocation return In stream_int_register_handler(), we call si_alloc_appctx(si) but as a mistake, instead of checking the return value for a NULL, we test . This bug was discovered under extreme memory contention (memory for only two buffers with 500 connections waiting) and after 3 million failed connections. While it was very hard to produce it, the fix is tagged major because in theory it could happen when haproxy runs with a very low "-m" setting preventing from allocating just the few bytes needed for an appctx. But most users will never be able to trigger it. The fix was confirmed to address the bug. This fix must be backported to 1.5. --- diff --git a/src/stream_interface.c b/src/stream_interface.c index 9f7e979edf..075deef5d8 100644 --- a/src/stream_interface.c +++ b/src/stream_interface.c @@ -366,7 +366,7 @@ struct appctx *stream_int_register_handler(struct stream_interface *si, struct s DPRINTF(stderr, "registering handler %p for si %p (was %p)\n", app, si, si->owner); appctx = si_alloc_appctx(si); - if (!si) + if (!appctx) return NULL; appctx_set_applet(appctx, app);
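Review bot: With the test changed to "if (!appctx) return NULL;", the early return in stream_int_register_handler() is taken on allocation failure for the first time, so every caller needs to be checked for handling of a NULL return; none of them are visible in this hunk. Before the change, a NULL from si_alloc_appctx(si) fell through to appctx_set_applet(appctx, app) with a NULL appctx, and the old test on si could not catch that, since si is already used in the DPRINTF arguments (si->owner) and passed to si_alloc_appctx() by that point. If the comment above the function does not already say that it returns NULL when the appctx cannot be allocated, it should be added in the same patch, so the backport to 1.5 carries the contract along with the fix.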