From: Willy Tarreau Date: Tue, 6 Aug 2024 09:32:10 +0000 (+0200) Subject: BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() X-Git-Tag: v3.1-dev5~27 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b5df6b5a31b86b4403f00b7e0230c97883eca0f3;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() When calling TRACE_ENABLED(), which is called by TRACE_PRINTF(), we pass a NULL plockptr to __trace_enabled(). This argument is used when lockon is active, and may update the pointer. This is an overlook which also broke the lockon mechanism because now for calls from __trace(), it dereferences a pointer pointing to NULL, and never updates it due to the broken condition, so that trace() never sets up src->lockon_ptr. The bug was introduced in 2.8 by commit 8f9a9704bb ("MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active"), so the fix must be backported there. --- diff --git a/src/trace.c b/src/trace.c index a2fd31e045..8f6519dfb9 100644 --- a/src/trace.c +++ b/src/trace.c @@ -205,7 +205,7 @@ int __trace_enabled(enum trace_level level, uint64_t mask, struct trace_source * if (src->lockon_ptr && src->lockon_ptr != lockon_ptr) return 0; - if (*plockptr && !src->lockon_ptr && lockon_ptr && src->state == TRACE_STATE_RUNNING) + if (plockptr && !src->lockon_ptr && lockon_ptr && src->state == TRACE_STATE_RUNNING) *plockptr = lockon_ptr; }
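Review bot: the corrected condition `if (plockptr && !src->lockon_ptr && lockon_ptr && src->state == TRACE_STATE_RUNNING)` fixes two defects at once, and the second deserves a sentence in the commit message or a comment above the check. The old form `*plockptr && ...` dereferenced `plockptr` before testing it, so the NULL passed in by TRACE_ENABLED() faulted; but it also required the pointed-to value to already be non-NULL before `*plockptr = lockon_ptr` could run, so a caller such as __trace() that passes a pointer to a NULL lockon slot could never have it filled in, which is why lockon silently did nothing. Testing the pointer itself resolves both. Since `__trace_enabled()` now has two caller contracts (a NULL `plockptr` from TRACE_ENABLED() meaning "do not record", and a real pointer from __trace() meaning "record the lockon target"), a one-line comment on the parameter stating that `plockptr` may be NULL would keep the next refactor from reintroducing the dereference; the earlier guard `if (src->lockon_ptr && src->lockon_ptr != lockon_ptr) return 0;` is unaffected by this change.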