From: Thierry FOURNIER Date: Fri, 12 May 2017 14:32:20 +0000 (+0200) Subject: BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything X-Git-Tag: v1.8-dev2~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd80df11c37af2d5d3c9a8659d45905638de717c;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything In the case of a Lua sample-fetch or converter doesn't return any value, an acces outside the Lua stack can be performed. This patch check the stack size before converting the top value to a HAProxy internal sample. A workaround consist to check that a value value is always returned with sample fetches and converters. This patch should be backported in the version 1.6 and 1.7 --- diff --git a/src/hlua.c b/src/hlua.c index 643d3fce0b..b8d2c88de3 100644 --- a/src/hlua.c +++ b/src/hlua.c @@ -5496,6 +5496,10 @@ static int hlua_sample_conv_wrapper(const struct arg *arg_p, struct sample *smp, switch (hlua_ctx_resume(stream->hlua, 0)) { /* finished. */ case HLUA_E_OK: + /* If the stack is empty, the function fails. */ + if (lua_gettop(stream->hlua->T) <= 0) + return 0; + /* Convert the returned value in sample. */ hlua_lua2smp(stream->hlua->T, -1, smp); lua_pop(stream->hlua->T, 1); @@ -5617,6 +5621,10 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp stream_int_retnclose(&stream->si[0], &msg); return 0; } + /* If the stack is empty, the function fails. */ + if (lua_gettop(stream->hlua->T) <= 0) + return 0; + /* Convert the returned value in sample. */ hlua_lua2smp(stream->hlua->T, -1, smp); lua_pop(stream->hlua->T, 1);