From: Willy Tarreau Date: Fri, 19 Nov 2010 10:27:18 +0000 (+0100) Subject: [BUG] capture: do not capture a cookie if there is no memory left X-Git-Tag: v1.5-dev8~366 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f70fc75296aa899baac390a21a4ddbcb135f4b67;p=thirdparty%2Fhaproxy.git [BUG] capture: do not capture a cookie if there is no memory left In case of out of memory, it was possible to write to a null pointer when capturing response cookies due to a missing "else" block. The request handling was fine though. (cherry picked from commit 62e3604d7dd27741c0b4c9e27d9e7c73495dfc32) --- diff --git a/src/proto_http.c b/src/proto_http.c index db8676932f..e06a78274e 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -6766,11 +6766,12 @@ void manage_server_side_cookies(struct session *t, struct buffer *res) if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) { Alert("HTTP logging : out of memory.\n"); } - - if (log_len > t->fe->capture_len) - log_len = t->fe->capture_len; - memcpy(txn->srv_cookie, att_beg, log_len); - txn->srv_cookie[log_len] = 0; + else { + if (log_len > t->fe->capture_len) + log_len = t->fe->capture_len; + memcpy(txn->srv_cookie, att_beg, log_len); + txn->srv_cookie[log_len] = 0; + } } /* now check if we need to process it for persistence */