From: Aurelien DARRAGON Date: Mon, 21 Nov 2022 16:01:11 +0000 (+0100) Subject: BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from... X-Git-Tag: v2.7-dev10~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9dce88ba2cb73b6c3665b4eeaa74186ebce2c7a5;p=thirdparty%2Fhaproxy.git BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance ebpt_next_dup() was used 2 times in a row but only the first call was checked against NULL, probably assuming that the 2 calls always yield the same result here. gcc is not OK with that, and it should be safer to store the result of the first call in a temporary var to dereference it once checked against NULL. This should fix GH #1869. Thanks to Ilya for reporting this issue. It may be backported up to 2.4. --- diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index 258a3581ca..258564404a 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -291,6 +291,8 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) curr_defproxy = last_defproxy; if (strcmp(args[arg], "from") == 0) { + struct ebpt_node *next_by_name; + curr_defproxy = proxy_find_by_name(args[arg+1], PR_CAP_DEF, 0); if (!curr_defproxy) { @@ -299,8 +301,8 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) goto out; } - if (ebpt_next_dup(&curr_defproxy->conf.by_name)) { - struct proxy *px2 = container_of(ebpt_next_dup(&curr_defproxy->conf.by_name), struct proxy, conf.by_name); + if ((next_by_name = ebpt_next_dup(&curr_defproxy->conf.by_name))) { + struct proxy *px2 = container_of(next_by_name, struct proxy, conf.by_name); ha_alert("parsing [%s:%d] : ambiguous defaults section name '%s' referenced by %s '%s' exists at least at %s:%d and %s:%d.\n", file, linenum, args[arg+1], proxy_cap_str(rc), name,
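Review bot: The new `struct ebpt_node *next_by_name;` at the top of the `from` branch (first hunk) is declared without an initialiser or a comment, and the visible lines only write and read it in the duplicate-name check of the following hunk. A one-line comment on the declaration would record why the lookup result is kept, for example `/* single ebpt_next_dup() result: NULL-checked before container_of() is applied to it */`. That makes it explicit that `container_of()` must never be applied to an unchecked node pointer, which is the dereference the commit message describes. cfg_parse_listen begins and ends outside both hunks, so other uses of the variable cannot be ruled out from here.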