BUG/MAJOR: namespaces: conn->target is not necessarily a server

create_server_socket() used to dereference objt_server(conn->target),
but if the target is not a server (eg: a proxy) then it's NULL and we
get a segfault. This can be reproduced with a proxy using "dispatch"
with no server, even when namespaces are disabled, because that code
is not #ifdef'd. The fix consists in first checking if the target is
a server.

This fix does not need to be backported, this is 1.6-only.

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index afb9e155a2c03466e27e6b74009658885f7bf5de..66d8b9db27932e772d3a82cefb4369ce7eff8d8f 100644 (file)
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -250,11 +250,16 @@ int tcp_bind_socket(int fd, int flags, struct sockaddr_storage *local, struct so
 
 static int create_server_socket(struct connection *conn)
 {
-       const struct netns_entry *ns = objt_server(conn->target)->netns;
-
-       if (objt_server(conn->target)->flags & SRV_F_USE_NS_FROM_PP)
-               ns = conn->proxy_netns;
+       const struct netns_entry *ns = NULL;
 
+#ifdef CONFIG_HAP_NS
+       if (objt_server(conn->target)) {
+               if (__objt_server(conn->target)->flags & SRV_F_USE_NS_FROM_PP)
+                       ns = conn->proxy_netns;
+               else
+                       ns = __objt_server(conn->target)->netns;
+       }
+#endif
        return my_socketat(ns, conn->addr.to.ss_family, SOCK_STREAM, IPPROTO_TCP);
 }