Commit 9156d5f
committed
BUG/MEDIUM: log: parsing log-forward options may result in segfault
As reported by GH user @HiggsTeilchen on haproxy#3250, the use of "option
dont-parse-log" may result in segmentation fault when parsing the
configuration. In fact, "option assume-rfc6587-ntf" is also affected.
The reason behind this is that cfg_parse_log_forward() leverages the
cfg_parse_listen_match_option() function to check for generic proxy
options that are relevant in the PR_MODE_SYSLOG context. And while it
is not documented, this function assumes that the currently evaluated
proxy is stored in the global variable 'curproxy', which
cfg_parse_log_forward() doesn't offer.
cfg_parse_listen_match_option() uses curproxy to check the currently
evaluated proxy's capabilities is compatible with the option, so if a
proxy with the frontend capability was defined earlier in the config,
parsing would succeed, if curproxy points to proxy without the frontend
capabilty (ie: backend), a warning would be emitted to tell that the
option would be ignored while it is perfectly valid for the log-forward
proxy, and if no proxy was defined earlier in the config a segfault would
be triggered.
To fix the issue, we explicitly make "curproxy" global variable point to
the log-forward proxy being parsed in cfg_parse_log_forward() before
leveraging cfg_parse_listen_match_option() to check for compatible
options.
It must be backported with 834e9af ("MINOR: log: add options eval for
log-forward"), which was introduced in 3.2 precisely.1 parent 14e890d commit 9156d5f
1 file changed
Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
6276 | 6276 | | |
6277 | 6277 | | |
6278 | 6278 | | |
| 6279 | + | |
| 6280 | + | |
6279 | 6281 | | |
| 6282 | + | |
6280 | 6283 | | |
6281 | 6284 | | |
6282 | 6285 | | |
| |||
0 commit comments