As reported by GH user @HiggsTeilchen on #3250, the use of "option
dont-parse-log" may result in segmentation fault when parsing the
configuration. In fact, "option assume-rfc6587-ntf" is also affected.
The reason behind this is that cfg_parse_log_forward() leverages the
cfg_parse_listen_match_option() function to check for generic proxy
options that are relevant in the PR_MODE_SYSLOG context. And while it
is not documented, this function assumes that the currently evaluated
proxy is stored in the global variable 'curproxy', which
cfg_parse_log_forward() doesn't offer.
cfg_parse_listen_match_option() uses curproxy to check the currently
evaluated proxy's capabilities is compatible with the option, so if a
proxy with the frontend capability was defined earlier in the config,
parsing would succeed, if curproxy points to proxy without the frontend
capabilty (ie: backend), a warning would be emitted to tell that the
option would be ignored while it is perfectly valid for the log-forward
proxy, and if no proxy was defined earlier in the config a segfault would
be triggered.
To fix the issue, we explicitly make "curproxy" global variable point to
the log-forward proxy being parsed in cfg_parse_log_forward() before
leveraging cfg_parse_listen_match_option() to check for compatible
options.
It must be backported with
834e9af8 ("MINOR: log: add options eval for
log-forward"), which was introduced in 3.2 precisely.
/* only consider options that are frontend oriented and log oriented, such options may be set
* in px->options2 because px->options is already full of tcp/http oriented options
+ * also, cfg_parse_listen_match_option() assumes global curproxy variable points to
+ * currently evaluated proxy
*/
+ curproxy = cfg_log_forward;
if (cfg_parse_listen_match_option(file, linenum, kwm, cfg_opts3, &err_code, args,
PR_MODE_SYSLOG, PR_CAP_FE,
&cfg_log_forward->options3, &cfg_log_forward->no_options3))
projects / thirdparty / haproxy.git / commitdiff
