From: Thayne McCombs <thayne@lucidchart.com>
Date: Wed, 6 Jan 2021 06:10:09 +0000 (-0700)
Subject: BUG/MEDIUM: server: srv_set_addr_desc() crashes when a server has no address
X-Git-Tag: v2.4-dev5~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24da7e1aa6dba2dd97ec02245d80c619f5114abe;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: server: srv_set_addr_desc() crashes when a server has no address

GitHub Issue #1026 reported a crash during configuration check for the
following example config:

    backend 0
    server 0 0
    server 0 0

HAProxy crashed in srv_set_addr_desc() due to a NULL pointer dereference
caused by `sa2str` returning NULL for an `AF_UNSPEC` address (`0`).

Check to make sure the address key is non-null before using it for
comparison or inserting it into the tree.

The crash was introduced in commit 92149f9a8 ("MEDIUM: stick-tables: Add
srvkey option to stick-table") which not in any released version so no
backport is needed.

Cc: Tim Duesterhus <tim@bastelstu.be>
---

diff --git a/src/server.c b/src/server.c
index 50c6da1317..d1aa51dc8a 100644
--- a/src/server.c
+++ b/src/server.c
@@ -204,7 +204,7 @@ static void srv_set_addr_desc(struct server *s)
 	key = sa2str(&s->addr, s->svc_port, s->flags & SRV_F_MAPPORTS);
 
 	if (s->addr_node.key) {
-		if (strcmp(key, s->addr_node.key) == 0) {
+		if (key && strcmp(key, s->addr_node.key) == 0) {
 			free(key);
 			return;
 		}
@@ -218,9 +218,11 @@ static void srv_set_addr_desc(struct server *s)
 
 	s->addr_node.key = key;
 
-	HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
-	ebis_insert(&p->used_server_addr, &s->addr_node);
-	HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
+	if (s->addr_node.key) {
+		HA_RWLOCK_WRLOCK(PROXY_LOCK, &p->lock);
+		ebis_insert(&p->used_server_addr, &s->addr_node);
+		HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &p->lock);
+	}
 }
 
 /*