BUG/MEDIUM: check: Skip tcpcheck post-config for external checks

When an external check was configured on a backend, the tcpcheck post config
for backend's servers was still performed instead to be skipped. The led to
a NULL-deref on the tcpcheck ruleset pointer and so to a segfault.

It seems to be only an issue for the 3.4 and higher. However, for older
versions, the tcpcheck post-config is still performed for external checks
and it is not really clean. This can hide some bugs.

For the 3.4, a workaround consists in configuring the backend to use a
tcp-check before configuring the external check:

  backend be
    option tcp-check
    option external-check
    ...

This patch should fix the issue #3407. It could be good to backport it to
all supported versions.

diff --git a/src/check.c b/src/check.c
index 01c3d21329eba37e748ba9ba2ed361ba8e6f1888..be979468031ba7add109aee310c1f357950e4de9 100644 (file)
--- a/src/check.c
+++ b/src/check.c
@@ -1799,6 +1799,9 @@ int init_srv_check(struct server *srv)
        if (!srv->do_check || !(srv->proxy->cap & PR_CAP_BE))
                goto out;
 
+       if ((srv->proxy->options2 & PR_O2_CHK_ANY) != PR_O2_TCPCHK_CHK)
+               goto init;
+
        check_type = srv->check.tcpcheck->rs->flags & TCPCHK_RULES_PROTO_CHK;
 
        if (!(srv->flags & SRV_F_DYNAMIC)) {