From: Willy Tarreau <w@1wt.eu>
Date: Wed, 26 Nov 2014 12:24:24 +0000 (+0100)
Subject: BUG/MEDIUM: payload: ensure that a request channel is available
X-Git-Tag: v1.6-dev1~254
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83f2592bcd2e186beeabcba16be16faaab82bd39;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: payload: ensure that a request channel is available

Denys Fedoryshchenko reported a segfault when using certain
sample fetch functions in the "tcp-request connection" rulesets
despite the warnings. This is because some tests for the existence
of the channel were missing.

The fetches which were fixed are :
  - req.ssl_hello_type
  - rep.ssl_hello_type
  - req.ssl_sni

This fix must be backported to 1.5.
---

diff --git a/src/payload.c b/src/payload.c
index 4057f6f856..f62163c414 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -72,6 +72,9 @@ smp_fetch_ssl_hello_type(struct proxy *px, struct session *s, void *l7, unsigned
 
 	chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
 
+	if (!chn)
+		goto not_ssl_hello;
+
 	bleft = chn->buf->i;
 	data = (const unsigned char *)chn->buf->p;
 
@@ -276,6 +279,9 @@ smp_fetch_ssl_hello_sni(struct proxy *px, struct session *s, void *l7, unsigned
 
 	chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
 
+	if (!chn)
+		goto not_ssl_hello;
+
 	bleft = chn->buf->i;
 	data = (unsigned char *)chn->buf->p;