BUG/MEDIUM: stream: never allocate connection addresses from signal handler

In __strm_dump_to_buffer(), we call conn_get_src()/conn_get_dst() to try
to retrieve the connection's IP addresses. But this function may be called
from a signal handler to dump a currently running stream, and if the
addresses were not allocated yet, a poll_alloc() will be performed while
we might possibly already be running pools code, resulting in pool list
corruption.

Let's just make sure we don't call these sensitive functions there when
called from a signal handler.

This must be backported at least to 3.1 and ideally all other versions,
along with this previous commit:

  MINOR: tinfo: add a new thread flag to indicate a call from a sig handler

diff --git a/src/stream.c b/src/stream.c
index 1a8e4ee1bf4bb00838a8d42460d8c30383c12e0c..4f363a0b1e55d62255fe33d2a335ad993140452b 100644 (file)
--- a/src/stream.c
+++ b/src/stream.c
@@ -3282,7 +3282,12 @@ static void __strm_dump_to_buffer(struct buffer *buf, const struct show_sess_ctx
                     strm_li(strm) ? strm_li(strm)->rx.proto->name : "?");
 
        conn = objt_conn(strm_orig(strm));
-       switch (conn && conn_get_src(conn) ? addr_to_str(conn->src, pn, sizeof(pn)) : AF_UNSPEC) {
+
+       /* be careful not to allocate RAM from a signal handler! */
+       if (conn && !conn->src && !(th_ctx->flags & TH_FL_IN_SIG_HANDLER))
+               conn_get_src(conn);
+
+       switch (conn && conn->src ? addr_to_str(conn->src, pn, sizeof(pn)) : AF_UNSPEC) {
        case AF_INET:
        case AF_INET6:
                chunk_appendf(buf, " source=%s:%d\n",
@@ -3318,7 +3323,11 @@ static void __strm_dump_to_buffer(struct buffer *buf, const struct show_sess_ctx
                     strm_li(strm) ? strm_li(strm)->name ? strm_li(strm)->name : "?" : "?",
                     strm_li(strm) ? strm_li(strm)->luid : 0);
 
-       switch (conn && conn_get_dst(conn) ? addr_to_str(conn->dst, pn, sizeof(pn)) : AF_UNSPEC) {
+       /* be careful not to allocate RAM from a signal handler! */
+       if (conn && !conn->dst && !(th_ctx->flags & TH_FL_IN_SIG_HANDLER))
+               conn_get_dst(conn);
+
+       switch (conn && conn->dst ? addr_to_str(conn->dst, pn, sizeof(pn)) : AF_UNSPEC) {
        case AF_INET:
        case AF_INET6:
                chunk_appendf(buf, " addr=%s:%d\n",
@@ -3344,7 +3353,12 @@ static void __strm_dump_to_buffer(struct buffer *buf, const struct show_sess_ctx
                chunk_appendf(buf, "%s  backend=<NONE> (id=-1 mode=-)", pfx);
 
        conn = sc_conn(strm->scb);
-       switch (conn && conn_get_src(conn) ? addr_to_str(conn->src, pn, sizeof(pn)) : AF_UNSPEC) {
+
+       /* be careful not to allocate RAM from a signal handler! */
+       if (conn && !conn->src && !(th_ctx->flags & TH_FL_IN_SIG_HANDLER))
+               conn_get_src(conn);
+
+       switch (conn && conn->src ? addr_to_str(conn->src, pn, sizeof(pn)) : AF_UNSPEC) {
        case AF_INET:
        case AF_INET6:
                chunk_appendf(buf, " addr=%s:%d\n",
@@ -3369,7 +3383,11 @@ static void __strm_dump_to_buffer(struct buffer *buf, const struct show_sess_ctx
        else
                chunk_appendf(buf, "%s  server=<NONE> (id=-1)", pfx);
 
-       switch (conn && conn_get_dst(conn) ? addr_to_str(conn->dst, pn, sizeof(pn)) : AF_UNSPEC) {
+       /* be careful not to allocate RAM from a signal handler! */
+       if (conn && !conn->dst && !(th_ctx->flags & TH_FL_IN_SIG_HANDLER))
+               conn_get_dst(conn);
+
+       switch (conn && conn->dst ? addr_to_str(conn->dst, pn, sizeof(pn)) : AF_UNSPEC) {
        case AF_INET:
        case AF_INET6:
                chunk_appendf(buf, " addr=%s:%d\n",