From: Thierry FOURNIER Date: Mon, 25 Jun 2018 20:35:20 +0000 (+0200) Subject: BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table X-Git-Tag: v1.9-dev1~186 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ac1f3ed64b58bd178865c6f2cc8f6f306d9e1e15;p=thirdparty%2Fhaproxy.git BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table When a lookup is done on a key not present in the stick-table the "st" pointer is NULL and it is used to return the converter result, but it is used untested with stktable_release(). This regression was introduced in 1.8.10 here: BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters commit d7bd88009d88dd413e01bc0baa90d6662a3d7718 Author: Daniel Corbett Date: Sun May 27 09:47:12 2018 -0400 Minimal conf for reproducong the problem: frontend test mode http stick-table type ip size 1m expire 1h store gpc0 bind *:8080 http-request redirect location /a if { src,in_table(test) } The segfault is triggered using: curl -i http://127.0.0.1:8080/ This patch must be backported in 1.8 --- diff --git a/src/stick_table.c b/src/stick_table.c index 101a4e253f..4294654551 100644 --- a/src/stick_table.c +++ b/src/stick_table.c @@ -875,7 +875,8 @@ static int sample_conv_in_table(const struct arg *arg_p, struct sample *smp, voi smp->data.type = SMP_T_BOOL; smp->data.u.sint = !!ts; smp->flags = SMP_F_VOL_TEST; - stktable_release(t, ts); + if (ts) + stktable_release(t, ts); return 1; }