From: Ilya Shipitsin Date: Fri, 14 Sep 2018 19:50:05 +0000 (+0500) Subject: BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2 X-Git-Tag: v1.9-dev4~95 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca56fce8bd271928b18d38b439bd35bd273fe8d4;p=thirdparty%2Fhaproxy.git BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2 found by coverity. [wt: this bug was introduced by commit 404d978 ("MINOR: add ALPN information to send-proxy-v2"). It might be triggered by a health check on a server using ppv2 or by an applet making use of such a server, if at all configurable]. This needs to be backported to 1.8. --- diff --git a/src/connection.c b/src/connection.c index 06e1ed840d..c0da874bd4 100644 --- a/src/connection.c +++ b/src/connection.c @@ -996,6 +996,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag) return 0; } +/* Note: is explicitly allowed to be NULL */ int make_proxy_line(char *buf, int buf_len, struct server *srv, struct connection *remote) { int ret = 0; @@ -1107,6 +1108,7 @@ static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const return length + sizeof(*tlv); } +/* Note: is explicitly allowed to be NULL */ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote) { const char pp2_signature[] = PP2_SIGNATURE; @@ -1191,7 +1193,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_CRC32C, sizeof(zero_crc32c), (const char *)&zero_crc32c); } - if (conn_get_alpn(remote, &value, &value_len)) { + if (remote && conn_get_alpn(remote, &value, &value_len)) { if ((buf_len - ret) < sizeof(struct tlv)) return 0; ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_ALPN, value_len, value);