From: Christopher Faulet Date: Tue, 26 May 2020 13:16:01 +0000 (+0200) Subject: BUG/MEDIUM: connection: Ignore PP2 unique ID for stream-less connections X-Git-Tag: v2.2-dev9~189 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ab504f5ff53968ae70d592cba4c1c7da6a0e7ff;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: connection: Ignore PP2 unique ID for stream-less connections It is possible to send a unique ID when the PROXY protocol v2 is used. It relies on the stream to do so. So we must be sure to have a stream. Locally initiated connections may not be linked to a stream. For instance, outgoing connections created by health checks have no stream. Moreover, the stream is not retrieved for mux-less connections (this bug will be fixed in another commit). Unfortunately, in make_proxy_line_v2() function, the stream is not tested before generating the unique-id. This bug leads to a segfault when a health check is performed for a server with the PROXY protocol v2 and the unique-id option enabled. It also crashes for servers using SSL connections with alpn. The bug was introduced by the commit cf6e0c8a8 ("MEDIUM: proxy_protocol: Support sending unique IDs using PPv2") This patch should fix the issue #640. It must be backported to the same versions as the commit above. --- diff --git a/src/connection.c b/src/connection.c index 3e27bdad21..6886768070 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1473,7 +1473,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec } } - if (srv->pp_opts & SRV_PP_V2_UNIQUE_ID) { + if (strm && (srv->pp_opts & SRV_PP_V2_UNIQUE_ID)) { struct session* sess = strm_sess(strm); struct ist unique_id = stream_generate_unique_id(strm, &sess->fe->format_unique_id);
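Review bot: The new `strm &&` guard on the `SRV_PP_V2_UNIQUE_ID` condition in make_proxy_line_v2() makes the unique-ID TLV silently absent for stream-less connections, and nothing at that line explains why `strm` can be NULL. A short comment above the `if` would help, saying that connections created by health checks have no stream and that the stream is not yet retrieved for mux-less connections, so the TLV is skipped on purpose. The commit message defers the mux-less case to another commit, so until that lands a server with the unique-id option enabled will send PROXY v2 headers without the ID on those connections. That is worth stating in the comment or in the option's documentation so the omission is not mistaken for a regression. The body of the block still reads `sess->fe->format_unique_id` straight after `strm_sess(strm)`. If a non-NULL stream always guarantees a session with a frontend, say so in the same comment. Otherwise extend the condition to cover it.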