From: Ricardo Nabinger Sanchez Date: Fri, 29 Mar 2019 00:42:23 +0000 (-0300) Subject: BUG/MAJOR: checks: segfault during tcpcheck_main X-Git-Tag: v2.0-dev3~369 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4bccea98912c74fa42c665ec25e417c2cca4eee7;p=thirdparty%2Fhaproxy.git BUG/MAJOR: checks: segfault during tcpcheck_main When using TCP health checks (tcp-check connect), it is possible to crash with a segfault when, for reasons yet to be understood, the protocol family is unknown. In the function tcpcheck_main(), proto is dereferenced without a prior test in case it is NULL, leading to the segfault during proto->connect dereference. The line has been unmodified since it was introduced, in commit 69e273f3fcfbfb9cc0fb5a09668faad66cfbd36b. This was the only use of proto (or more specifically, the return of protocol_by_family()) that was unprotected; all other callsites perform the test for a NULL pointer. This patch should be backported to 1.9, 1.8, 1.7, and 1.6. --- diff --git a/src/checks.c b/src/checks.c index 35744c6b78..31004ddf89 100644 --- a/src/checks.c +++ b/src/checks.c @@ -2839,7 +2839,7 @@ static int tcpcheck_main(struct check *check) cs_attach(cs, check, &check_conn_cb); ret = SF_ERR_INTERNAL; - if (proto->connect) + if (proto && proto->connect) ret = proto->connect(conn, 1 /* I/O polling is always needed */, (next && next->action == TCPCHK_ACT_EXPECT) ? 0 : 2);
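Review bot: At the changed condition `if (proto && proto->connect)` in tcpcheck_main(), a NULL proto now falls through silently with `ret` left at `SF_ERR_INTERNAL`, so the outcome cannot be told apart from a protocol that has no connect callback, while the commit message says the cause of the unknown protocol family is not yet understood. Consider adding a short comment on that line stating that proto can be NULL when the family is unknown, and emitting a diagnostic on the NULL path so the address family that triggers it can be identified. The assignment of proto is outside the visible context, so it is worth confirming in review that nothing between it and this line dereferences proto earlier.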