As reported by GH user @Lzq-001 on issue #3245, the config below would
cause haproxy to SEGFAULT after having reported an error:
frontend
0000000
http-request set-map %[hdr(0000)0_
Root cause is simple, in parse_http_set_map(), we define the release
function (which is responsible to clear lf_expr expressions used by the
action), prior to initializing the expressions, while the release
function assumes the expressions are always initialized.
For all similar actions, we already perform the init prior to setting
the related release function, but this was not the case for
parse_http_set_map(). We fix the bug by initializing the expressions
earlier.
Thanks to @Lzq-001 for having reported the issue and provided a simple
reproducer.
It should be backported to all stable versions, note for versions prior to
3.0, lf_expr_init() should be replace by LIST_INIT(), see
6810c41 ("MEDIUM: tree-wide: add logformat expressions wrapper")
}
rule->action_ptr = http_action_set_map;
rule->release_ptr = release_http_map;
+ lf_expr_init(&rule->arg.map.key);
+ lf_expr_init(&rule->arg.map.value);
cur_arg = *orig_arg;
if (rule->action == 1 && (!*args[cur_arg] || !*args[cur_arg+1])) {
}
/* key pattern */
- lf_expr_init(&rule->arg.map.key);
if (!parse_logformat_string(args[cur_arg], px, &rule->arg.map.key, LOG_OPT_NONE, cap, err)) {
free(rule->arg.map.ref);
return ACT_RET_PRS_ERR;
if (rule->action == 1) {
/* value pattern for set-map only */
cur_arg++;
- lf_expr_init(&rule->arg.map.value);
if (!parse_logformat_string(args[cur_arg], px, &rule->arg.map.value, LOG_OPT_NONE, cap, err)) {
free(rule->arg.map.ref);
return ACT_RET_PRS_ERR;
projects / thirdparty / haproxy.git / commitdiff
