Re: [PATCH 3/3] BUG/MINOR: haproxy: Free rule->arg.vars.expr during deinit_act_rules

Sun, 14 Jun 2020 07:30:02 -0700 

Hello,

On Sun, Jun 14, 2020 at 7:40 AM Willy Tarreau <w...@1wt.eu> wrote:
> On Sun, Jun 14, 2020 at 12:37:43AM +0200, Tim Duesterhus wrote:
> > careful with this one: I don't know whether it's safe to simply free the
> > expression there or whether I need to somehow check whether there actually
> > is some expression.
> >
> > It does not crash with my stupid example configuration showcasing the leak,
> > but of course real world configurations might or might not trigger a bogus
> > free there.
>
> It seems to be OK. I was worried that the pointer could be part of a union
> containing either the expression or its text version during parsing, but
> this doesn't seem to be the case, so apparently it's OK to always free it
> if it appears in a rule.

After this patch, I'm getting a segfault after firing an USR1 signal
to trigger the deinit:

#0  0x000055b653aaec34 in release_sample_expr (expr=0x55b654766bc0) at
src/sample.c:1427
b1427           list_for_each_entry_safe(conv_expr, conv_exprb,
&expr->conv_exprs, list)
(gdb) bt
#0  0x000055b653aaec34 in release_sample_expr (expr=0x55b654766bc0) at
src/sample.c:1427
#1  0x000055b653b0d884 in deinit_act_rules (rules=0x55b6547644b0) at
src/haproxy.c:2559
#2  0x000055b653b0f09d in deinit () at src/haproxy.c:2707
#3  0x000055b653b0fef8 in deinit_and_exit (status=0) at src/haproxy.c:2872
#4  0x000055b6539f7256 in main (argc=<optimized out>, argv=<optimized
out>) at src/haproxy.c:3771

Here is my config:

global
    log 127.0.0.1 format rfc5424 local0 info
    daemon
    stats timeout 2m
    set-dumpable
    nbproc 1
    tune.bufsize 33792
    ssl-server-verify none
    nbthread 16
    cpu-map auto:1/1-16 0-15
    spread-checks 5
    strict-limits
    no busy-polling

defaults
    mode http
    log global
    option httplog
    option http-keep-alive
    option forwardfor except 127.0.0.0/8
    option redispatch 1
    option http-ignore-probes
    retries 3
    retry-on conn-failure empty-response response-timeout 0rtt-rejected
    timeout http-request 10s
    timeout queue 1s
    timeout connect 10s
    timeout client 180s
    timeout server 180s
    timeout http-keep-alive 10s
    timeout check 5s
    balance roundrobin
    http-reuse always
    default-server inter 5s fastinter 1s fall 3 slowstart 20s observe
layer7 error-limit 5 on-error fail-check pool-purge-delay 10s tfo
    http-check expect status 200

listen stats
    bind *:8080
    stats enable
    stats uri /haproxy_stats
    http-request use-service prometheus-exporter if { path /metrics }
    monitor-uri /

frontend fe_foo
    bind 127.0.0.1:80 name http_ip4 process 1/all tfo

    acl http  ssl_fc,not
    acl https ssl_fc
    monitor-uri /delivery/monitor/lb-check
    # errorfile 200 /etc/haproxy/errorfiles/200.http
    tcp-request content capture fc_rtt len 10
    capture request header Host len 64
    capture request header user-agent len 128
    capture request header cf-ray len 20
    log-format "%tr %TR/%Tw/%Ta %ac/%fc/%bc/%sc/%rc %sq/%bq %{+Q}r"
    log-format-sd [user@51719\ src_ip=\"%ci\"\ src_port=\"%cp\"\
ftd=\"%f\"\ bkd=\"%b\"\ srv=\"%si:%sp\"\ status=\"%ST\"\
bytes_r=\"%B\"\ tsc=\"%tsc\"\ sslv=\"%sslv\"\ sslc=\"%sslc\"\
h_host=\"%[capture.req.hdr(1)]\"\ meth=\"%HM\"\ version=\"%HV\"\
h_ua=\"%[capture.req.hdr(2)]\"\
cf_dc=\"%[capture.req.hdr(3),word(2,-)]\"\
fc_rtt=\"%[capture.req.hdr(0)]\"\ time_tr=\"%Tr\"\ time_tc=\"%Tc\"\
time_tt=\"%Tt\"]
    http-response set-log-level silent if { rand(100) ge 1 }

    http-request del-header connection if { req.hdr(connection) close }
    http-request set-header x-proto ssl if https
    http-request set-header x-forwarded-proto https if https
    http-request set-header x-tls-sessionid %[ssl_fc_session_id,hex] if https
    http-request add-header x-client-ip %[src]
    http-request set-header client-ip %[src]

    http-request set-header x-real-host %[req.hdr(host)]
    http-request set-header x-server-address %[dst]
    acl content_encoding_header_exists req.hdr(content-encoding) -m found
    http-request set-header x-original-content-encoding
%[req.hdr(content-encoding)] if content_encoding_header_exists
    acl host_header_exists req.hdr(host) -m found
    http-request set-header host %[req.hdr(host),field(1,:)] if
host_header_exists
    acl ::disabled_http_methods method CONNECT
    http-request deny if ::disabled_http_methods
    http-request disable-l7-retry if ! METH_GET
    http-request redirect scheme https code 302 if !{ ssl_fc } METH_GET
    http-request redirect scheme https code 307 if !{ ssl_fc } ! METH_GET

    default_backend be_foo

backend be_foo
   server srv0 127.0.0.1:6011 weight 1

-- 
William

Reply via email to