[BUG] fix crash when no cookie is set on server

In cookie prefix or rewrite modes, if the elected server had no
cookie, a NULL pointer was passed to the rewrite function, causing
a SIGSEGV.

diff --git a/src/proto_http.c b/src/proto_http.c
index c7d91d3185338d7094b4b6e9db0780925e1b116b..6399673591a5c876c94c64dcf24a8b62f30d1782 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -2584,14 +2584,16 @@ int process_srv(struct session *t)
                                                        delete_header = 1;
                                                        t->flags |= SN_SCK_DELETED;
                                                }
-                                               else if ((t->srv) && (t->be->beprm->options & PR_O_COOK_RW)) {
+                                               else if ((t->srv) && (t->srv->cookie) &&
+                                                        (t->be->beprm->options & PR_O_COOK_RW)) {
                                                        /* replace bytes p3->p4 with the cookie name associated
                                                         * with this server since we know it.
                                                         */
                                                        buffer_replace2(rep, p3, p4, t->srv->cookie, t->srv->cklen);
                                                        t->flags |= SN_SCK_INSERTED | SN_SCK_DELETED;
                                                }
-                                               else if ((t->srv) && (t->be->beprm->options & PR_O_COOK_PFX)) {
+                                               else if ((t->srv) && (t->srv->cookie) &&
+                                                        (t->be->beprm->options & PR_O_COOK_PFX)) {
                                                        /* insert the cookie name associated with this server
                                                         * before existing cookie, and insert a delimitor between them..
                                                         */
@@ -4087,7 +4089,8 @@ void manage_client_side_cookies(struct session *t, struct buffer *req)
                                                srv = NULL;
 
                                        while (srv) {
-                                               if ((srv->cklen == delim - p3) && !memcmp(p3, srv->cookie, delim - p3)) {
+                                               if (srv->cookie && (srv->cklen == delim - p3) &&
+                                                   !memcmp(p3, srv->cookie, delim - p3)) {
                                                        if (srv->state & SRV_RUNNING || t->be->beprm->options & PR_O_PERSIST) {
                                                                /* we found the server and it's usable */
                                                                t->flags &= ~SN_CK_MASK;