BUG/MEDIUM: sticktables: segfault in some configuration error cases

When a stick table is tracked, and another one is used later on the
configuration, a segfault occurs.

The function "smp_create_src_stkctr" can return a NULL value, and
its value is not tested, so one other function try to dereference
a NULL pointer. This patch just add a verification of the NULL
pointer.

The problem is reproduced with this configuration:

   listen www
       mode http
       bind :12345
       tcp-request content track-sc0 src table IPv4
       http-request allow if { sc0_inc_gpc0(IPv6) gt 0 }
       server dummy 127.0.0.1:80
   backend IPv4
       stick-table type ip size 10 expire 60s store gpc0
   backend IPv6
       stick-table type ipv6 size 10 expire 60s store gpc0

Thank to kabefuna@gmail.com for the bug report.

This patch must be backported in the 1.6 and 1.5 version.

diff --git a/src/stream.c b/src/stream.c
index 2ca3b360069909d8259f2c672776ca7231595acc..fc113ec1906b37d5eed9009a09cfd69026df3058 100644 (file)
--- a/src/stream.c
+++ b/src/stream.c
@@ -2821,7 +2821,7 @@ smp_fetch_sc_inc_gpc0(const struct arg *args, struct sample *smp, const char *kw
        if (stkctr_entry(stkctr) == NULL)
                stkctr = smp_create_src_stkctr(smp->sess, smp->strm, args, kw);
 
-       if (stkctr_entry(stkctr) != NULL) {
+       if (stkctr && stkctr_entry(stkctr)) {
                void *ptr1,*ptr2;
 
                /* First, update gpc0_rate if it's tracked. Second, update its