From: Willy Tarreau <w@1wt.eu>
Date: Mon, 8 Dec 2014 10:52:28 +0000 (+0100)
Subject: BUG/MEDIUM: tcp-check: don't rely on random memory contents
X-Git-Tag: v1.6-dev1~250
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2a49592faca66381303d8e0d63665ae44046def;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: tcp-check: don't rely on random memory contents

If "option tcp-check" is used and no "tcp-check" rule is specified, we
only look at rule->action which dereferences the proxy's memory and which
can randomly match TCPCHK_ACT_CONNECT or whatever else, causing a check
to fail. This bug is the result of an incorrect fix attempted in commit
f621bea ("BUG/MINOR: tcpcheck connect wrong behavior").

This fix must be backported into 1.5.
---

diff --git a/src/checks.c b/src/checks.c
index f6fb23d5f5..6a72728615 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -1442,7 +1442,7 @@ static int connect_conn_chk(struct task *t)
 		set_host_port(&conn->addr.to, check->port);
 	}
 
-	if (check->type == PR_O2_TCPCHK_CHK) {
+	if (check->type == PR_O2_TCPCHK_CHK && !LIST_ISEMPTY(&s->proxy->tcpcheck_rules)) {
 		struct tcpcheck_rule *r = (struct tcpcheck_rule *) s->proxy->tcpcheck_rules.n;
 		/* if first step is a 'connect', then tcpcheck_main must run it */
 		if (r->action == TCPCHK_ACT_CONNECT) {