BUG/MEDIUM: ring: fix creation of server in uninitialized ring

If a "ring" section initialization fails (e.g. due to a duplicate name,
invalid chars, or missing memory), any subsequent "server" statement that
appears in the same section will crash the config parser by dereferencing
the currently NULL cfg_sink. E.g:

    ring x
    ring x                 # fails on "already exists"
       server srv 1.1.1.1  # crashes on cfg_sink==NULL

All other statements have a test for this but "server" was missing it,
so this patch adds it.

Thanks to Joel Hutchinson for reporting this issue.

This must be backported as far as 2.2.

diff --git a/src/sink.c b/src/sink.c
index de1e9cfbf441f4081840e4c64212218321d8c58b..ef3d0f0f216582720e182e2374230731e71a0c09 100644 (file)
--- a/src/sink.c
+++ b/src/sink.c
@@ -954,6 +954,12 @@ int cfg_parse_ring(const char *file, int linenum, char **args, int kwm)
                cfg_sink->ctx.ring = ring_make_from_area(area, size);
        }
        else if (strcmp(args[0],"server") == 0) {
+               if (!cfg_sink || (cfg_sink->type != SINK_TYPE_BUFFER)) {
+                       ha_alert("parsing [%s:%d] : unable to create server '%s'.\n", file, linenum, args[1]);
+                       err_code |= ERR_ALERT | ERR_FATAL;
+                       goto err;
+               }
+
                err_code |= parse_server(file, linenum, args, cfg_sink->forward_px, NULL,
                                         SRV_PARSE_PARSE_ADDR|SRV_PARSE_INITIAL_RESOLVE);
        }