git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Mon, 26 Jan 2026 10:13:29 +0000 (11:13 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Mon, 26 Jan 2026 10:45:49 +0000 (11:45 +0100)
commit	4e7c07736a10ac8e896a1fc8d9f5572f515db282
tree	f40f6acafc6109712275bef2ae10f5462c20e1b3	tree \| snapshot
parent	c267d24f57a6fdd03ea8e4854ea75ddd8c84471c	commit \| diff

BUG/MINOR: config: check capture pool creations for failures

A few capture pools can fail in case of too large values for example.
These include the req_uri, capture, and caphdr pools, and may be triggered
with "tune.http.logurilen 2147483647" in the global section, or one of
these in a frontend:

  capture request header name len 2147483647
  http-request capture src len 2147483647
  tcp-request content capture src len 2147483647

These seem to be the only occurrences where create_pool()'s return value
is assigned without being checked, so let's add the proper check for
errors there. This can be backported as a hardening measure though the
risks and impacts are extremely low.

src/cfgparse.c		diff \| blob \| blame \| history
src/http_act.c		diff \| blob \| blame \| history
src/proxy.c		diff \| blob \| blame \| history
src/tcp_rules.c		diff \| blob \| blame \| history