From: Aurelien DARRAGON
Date: Wed, 5 Apr 2023 14:18:40 +0000 (+0200)
Subject: BUG/MINOR: errors: invalid use of memprintf in startup_logs_init()
X-Git-Tag: v2.8-dev7~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b28ded19a496b522568285831555748da0d40615;p=thirdparty%2Fhaproxy.git

BUG/MINOR: errors: invalid use of memprintf in startup_logs_init()

On startup/reload, startup_logs_init() will try to export startup logs shm filedescriptor through the internal HAPROXY_STARTUPLOGS_FD env variable.

While memprintf() is used to prepare the string to be exported via setenv(), str_fd argument (first argument passed to memprintf()) could be non NULL as a result of HAPROXY_STARTUPLOGS_FD env variable being already set.

Indeed: str_fd is already used earlier in the function to store the result of getenv("HAPROXY_STARTUPLOGS_FD").

The issue here is that memprintf() is designed to free the 'out' argument if out != NULL, and here we don't expect str_fd to be freed since it was provided by getenv() and would result in memory violation.

To prevent any invalid free, we must ensure that str_fd is set to NULL prior to calling memprintf().

This must be backported in 2.7 with eba6a54cd4 ("MINOR: logs: startup-logs can use a shm for logging the reload")

--- diff --git a/src/errors.c b/src/errors.c index 8221adb0e0..ba4b8ced54 100644 --- a/src/errors.c +++ b/src/errors.c @@ -145,6 +145,7 @@ void startup_logs_init() if (!r) goto error; + str_fd = NULL; memprintf(&str_fd, "%d", fd); setenv("HAPROXY_STARTUPLOGS_FD", str_fd, 1); ha_free(&str_fd);
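
Review bot: The added `str_fd = NULL;` ahead of `memprintf(&str_fd, "%d", fd);` has no comment, and nothing in the visible lines shows that str_fd still holds a pointer borrowed from getenv() at this point, so a later cleanup could drop the assignment as redundant and bring the invalid free back. A one-line comment on the assignment would protect it; a separate local for the formatted string would be sturdier, so that one variable does not alternate between a getenv() result and heap memory that ha_free() releases. Separately, the results of memprintf() and setenv() are not checked in this hunk: if memprintf() fails to allocate, str_fd reaches setenv() as NULL, so testing the result and taking the existing `goto error` path would be safer.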