BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections

If multiple "bind" lines were present on the "peers" section, multiple
listeners were added to a list but the code mistakenly initialize
the first member and this first listener was re-configured instead of
the newly created one. The last one remains uninitialized causing a null
dereference a soon a connection is received.

In addition, the 'peers' sections and protocol are not currently designed to
handle multiple listeners.

This patch check if there is already a listener configured on the 'peers'
section when we want to create a new one. This is rising an error if
a listener is already present showing the file and line in the error
message.

To keep the file and line number of the previous listener available
for the error message, the 'bind_conf_uniq_alloc' function was modified
to keep the file/line data the struct 'bind_conf' was firstly
allocated (previously it was updated each time the 'bind_conf' was
reused).

This patch should be backported until version 2.0

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 40c5a16e11feb556d457873627be3116a793c85b..52bf2ffddba54c94997a1e17fc71f3a2d5e58dab 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -615,9 +615,10 @@ static struct bind_conf *bind_conf_uniq_alloc(struct proxy *p,
 
        if (!LIST_ISEMPTY(&p->conf.bind)) {
                bind_conf = LIST_ELEM((&p->conf.bind)->n, typeof(bind_conf), by_fe);
-               free(bind_conf->file);
-               bind_conf->file = strdup(file);
-               bind_conf->line = line;
+               /*
+                * We keep bind_conf->file and bind_conf->line unchanged
+                * to make them available for error messages
+                */
                if (arg) {
                        free(bind_conf->arg);
                        bind_conf->arg = strdup(arg);
@@ -712,6 +713,11 @@ int cfg_parse_peers(const char *file, int linenum, char **args, int kwm)
                                goto out;
                        }
 
+                       if (!LIST_ISEMPTY(&bind_conf->listeners)) {
+                               ha_alert("parsing [%s:%d] : One listener per \"peers\" section is authorized but another is already configured at [%s:%d].\n", file, linenum, bind_conf->file, bind_conf->line);
+                               err_code |= ERR_FATAL;
+                       }
+
                        if (!str2listener(args[1], curpeers->peers_fe, bind_conf, file, linenum, &errmsg)) {
                                if (errmsg && *errmsg) {
                                        indent_msg(&errmsg, 2);
@@ -910,6 +916,11 @@ int cfg_parse_peers(const char *file, int linenum, char **args, int kwm)
 
                bind_conf = bind_conf_uniq_alloc(curpeers->peers_fe, file, linenum, args[2], xprt_get(XPRT_RAW));
 
+               if (!LIST_ISEMPTY(&bind_conf->listeners)) {
+                       ha_alert("parsing [%s:%d] : One listener per \"peers\" section is authorized but another is already configured at [%s:%d].\n", file, linenum, bind_conf->file, bind_conf->line);
+                       err_code |= ERR_FATAL;
+               }
+
                if (!str2listener(args[2], curpeers->peers_fe, bind_conf, file, linenum, &errmsg)) {
                        if (errmsg && *errmsg) {
                                indent_msg(&errmsg, 2);