v2
commit message adjusted

On Sat, 27 Jun 2020 at 12:42, Илья Шипицин <[email protected]> wrote:

> Hello,
>
> I added extra checks to fix #660
>
> Cheers,
> Ilya Shipitcin
>
From 4f62799eba5db5fe6400d458877677f098da3b13 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <[email protected]>
Date: Sun, 12 Jul 2020 15:24:55 +0500
Subject: [PATCH] src/server.c: add extra guards when loading state file

this should fix #660

we can only load 'local' state file, if file is corrupted,
we should check filepath against NULL

also, global server state file should be properly closed upon read.
otherwise, it might leak on haproxy reload.

when reading global server state file we should check string length,
if file was corrupted we might observe overflow otherwise.
---
 src/server.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/server.c b/src/server.c
index 05b19d4e1..54239c63c 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3265,6 +3265,7 @@ void apply_server_state(void)
 			/* free up memory in case of error during the processing of the line */
 			free(line);
 		}
+		fclose(f);
 	}
  out_load_server_state_in_tree:
 
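Review bot: the added fclose(f) sits immediately before the out_load_server_state_in_tree label, so if any path inside this block jumps to that label after the global file has been opened, it still skips the close and the handle leaks on that path. Consider closing after the label instead, guarded by a non-NULL check on f, and setting f to NULL afterwards, since f is assigned again for the local file further down in the same function.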
@@ -3360,6 +3361,8 @@ void apply_server_state(void)
 					goto next;
 
 				st = container_of(node, struct state_line, name_name);
+				if (strlen(st->line) > SRV_STATE_LINE_MAXLEN)
+					goto next;
 				memcpy(mybuf, st->line, strlen(st->line));
 				mybuf[strlen(st->line)] = 0;
 
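Review bot: the new length check uses > rather than >=, so a line of exactly SRV_STATE_LINE_MAXLEN characters passes it and the following mybuf[strlen(st->line)] = 0 writes at index SRV_STATE_LINE_MAXLEN; if mybuf is declared with SRV_STATE_LINE_MAXLEN bytes (its declaration is not in this hunk), that is one byte past the end. Comparing with >= against sizeof(mybuf) would tie the guard to the actual buffer, and keeping strlen(st->line) in a local would avoid computing it three times. A warning naming the skipped entry would also help when diagnosing a corrupted state file, since goto next drops it silently.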
@@ -3375,7 +3378,7 @@ void apply_server_state(void)
 
 			continue; /* next proxy in list */
 		}
-		else {
+		else if (filepath) {
 			/* load 'local' state file */
 			errno = 0;
 			f = fopen(filepath, "r");
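Review bot: with else if (filepath), a NULL filepath now skips the local state file silently, and nothing in the hunk says when filepath can be NULL at this point. A short comment on the condition, or a warning in an else branch, would make the skipped load visible to an operator. It is also worth confirming that the result of the fopen call on filepath is tested before f is used, since that check is outside the lines shown.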
@@ -3447,9 +3450,9 @@ void apply_server_state(void)
 				/* now we can proceed with server's state update */
 				srv_update_state(srv, version, srv_params);
 			}
+			fileclose:
+				fclose(f);
 		}
-fileclose:
-		fclose(f);
 	}
 
 	/* now free memory allocated for the tree */
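Review bot: moving fileclose: inside the block means fclose(f) runs on every path that falls through to the end of the local-file branch, so it must not be reachable with f == NULL, for example after a failed fopen; that guard is not visible here, and an explicit if (f) before the call would make it safe regardless. On style, the label is indented like a statement with fclose(f) nested under it, whereas out_load_server_state_in_tree: earlier in the function is outdented from the surrounding code; matching that would keep the labels easy to spot.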
-- 
2.26.2
