From: Aurelien DARRAGON <adarragon@haproxy.com>
Date: Thu, 11 May 2023 16:49:14 +0000 (+0200)
Subject: BUG/MINOR: errors: handle malloc failure in usermsgs_put()
X-Git-Tag: v2.8-dev12~46
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d4dba38ab101eee4cbd0c8d8aa21181825ef6472;p=thirdparty%2Fhaproxy.git

BUG/MINOR: errors: handle malloc failure in usermsgs_put()

usermsgs_buf.size is set without first checking if previous malloc
attempt succeeded.

This could fool the buffer API into assuming that the buffer is
initialized, resulting in unsafe read/writes.

Guarding usermsgs_buf.size assignment with the malloc attempt result
to make the buffer initialization safe against malloc failures.

This partially fixes GH #2130.

It should be backported up to 2.6.
---

diff --git a/src/errors.c b/src/errors.c
index 2e9d6afb7e..5913cb1d50 100644
--- a/src/errors.c
+++ b/src/errors.c
@@ -229,7 +229,8 @@ static void usermsgs_put(const struct ist *msg)
 	/* Allocate the buffer if not already done. */
 	if (unlikely(b_is_null(&usermsgs_buf))) {
 		usermsgs_buf.area = malloc(USER_MESSAGES_BUFSIZE * sizeof(char));
-		usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
+		if (usermsgs_buf.area)
+			usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
 	}
 
 	if (likely(!b_is_null(&usermsgs_buf))) {