Hello,
On 6/18/20 12:35 AM, Daniel Corbett wrote:
Hello,
When using a ring log in combination with proto fcgi, it was possible
to cause a crash by sending a request for a non-existent fastcgi file
to php-fpm, causing it to produce the error "Primary script unknown".
When php-fpm produces this error for some reason a sink is not able to be
established and __do_send_log gets passed a null sink.
This commit verifies that the sink exists in __do_send_log before
attempting
to use it.
My apologies, I mentioned the wrong function in the commit message, the
fix was applied in sink_write and not __do_send_log. Attached is an
amended commit.
Thanks,
-- Daniel
>From 90e1a21db447da3053bd80cede5b45628004117f Mon Sep 17 00:00:00 2001
From: Daniel Corbett <dcorb...@haproxy.com>
Date: Thu, 18 Jun 2020 00:10:17 -0400
Subject: [PATCH] BUG/MEDIUM: sink: fix crash when null sink is used in
sink_write
When using a ring log in combination with proto fcgi, it was possible
to cause a crash by sending a request for a non-existent fastcgi file
to php-fpm, causing it to produce the error "Primary script unknown".
When php-fpm produces this error for some reason a sink is not able to be
established and sink_write gets passed a null sink.
This commit verifies that the sink exists in sink_write before attempting
to use it.
---
include/haproxy/sink.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/include/haproxy/sink.h b/include/haproxy/sink.h
index 025fa4185..b290d2189 100644
--- a/include/haproxy/sink.h
+++ b/include/haproxy/sink.h
@@ -49,6 +49,9 @@ static inline ssize_t sink_write(struct sink *sink, const struct ist msg[], size
{
ssize_t sent;
+ if (!sink)
+ goto fail;
+
if (unlikely(sink->ctx.dropped > 0)) {
/* We need to take an exclusive lock so that other producers
* don't do the same thing at the same time and above all we
--
2.17.1
