Re: another cppcheck finding

2017-10-03 Thread Илья Шипицин
2017-10-04 9:15 GMT+05:00 Willy Tarreau : > Hi Ilya, > > [also CCing Baptiste] > > On Tue, Oct 03, 2017 at 05:25:17PM +0500, ??? wrote: > > [src/dns.c:2502]: (error) Memory leak: buffer > > > > > > I do not see any "buffer" usage except conditional free. > > should we just

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Marcus Ulbrich
Okay, mh if there is another way to forbid any kind of "sleep" as url parameter not crashing haproxy, I'll use this. Any ideas? Where should I change this? I installed haproxy from repository... Thanks for helping... Marcus

Re: another cppcheck finding

2017-10-03 Thread Willy Tarreau
Hi Ilya, [also CCing Baptiste] On Tue, Oct 03, 2017 at 05:25:17PM +0500, ??? wrote: > [src/dns.c:2502]: (error) Memory leak: buffer > > > I do not see any "buffer" usage except conditional free. > should we just remove "buffer" from there ? I think you're referring to this part :

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Willy Tarreau
On Wed, Oct 04, 2017 at 05:07:07AM +0200, Willy Tarreau wrote: > On Wed, Oct 04, 2017 at 04:40:53AM +0200, Willy Tarreau wrote: > > On Tue, Oct 03, 2017 at 06:57:45PM +0200, Marcus Ulbrich wrote: > > > Hey Jarno, > > > > > > This seems to work stable! > > > The idea for this acl was to prevent

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Willy Tarreau
On Wed, Oct 04, 2017 at 04:40:53AM +0200, Willy Tarreau wrote: > On Tue, Oct 03, 2017 at 06:57:45PM +0200, Marcus Ulbrich wrote: > > Hey Jarno, > > > > This seems to work stable! > > The idea for this acl was to prevent attackers testing for example MySQL > > injection by sleep command. ,,sleep"

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Willy Tarreau
On Tue, Oct 03, 2017 at 06:57:45PM +0200, Marcus Ulbrich wrote: > Hey Jarno, > > This seems to work stable! > The idea for this acl was to prevent attackers testing for example MySQL > injection by sleep command. ,,sleep" is in none of our URLs! > Do you have an idea about an acl about this not

Re: [PATCH] BUG/MAJOR: tcp/http: set-dst-port action broken

2017-10-03 Thread Willy Tarreau
Hi Baptiste, On Tue, Oct 03, 2017 at 11:31:37PM +0200, Baptiste wrote: > Hi, > > A regression has been introduced into the function handling TCP/HTTP action > "set-dst-port". > It actually does not change the right port (changing the source port on the > server side connection instead of

[PATCH] BUG/MAJOR: tcp/http: set-dst-port action broken

2017-10-03 Thread Baptiste
Hi, A regression has been introduced into the function handling TCP/HTTP action "set-dst-port". It actually does not change the right port (changing the source port on the server side connection instead of changing the destination one). The patch in attachment fixes this issue. Baptiste From

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Marcus Ulbrich
Hey Jarno, This seems to work stable! The idea for this acl was to prevent attackers testing for example MySQL injection by sleep command. „sleep“ is in none of our URLs! Do you have an idea about an acl about this not crashing haproxy? Thanks a lot! Marcus

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Jarno Huuskonen
Hi, On Tue, Oct 03, Marcus Ulbrich wrote:
>     #denysleep arguments in url
>     acl sleeper url_sub,url_dec,lower -m sub sleep(
>     http-request deny if sleeper
Stack trace had sample_conv_str2lower:
>> #4 sample_conv_str2lower (arg_p=, smp=0x7fff217f4f80,
>> private=) at src/sample.c:1518

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Vincent Bernat
❦ 3 octobre 2017 17:54 +0200, Marcus Ulbrich  : > yes... it crashed after 5mins also without this acl. I was suspecting this ACL as this is the only one with a case-insensitive match. But maybe the same codepath is used when matching header names. > I should test

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Marcus Ulbrich
yes... it crashed after 5mins also without this acl. I should test commenting all acl for testing. Is there no way to see what acl was active, when haproxy crashes? Thank you very much so far...

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Vincent Bernat
❦ 3 octobre 2017 16:34 +0200, Marcus Ulbrich :
>     acl badbots hdr_reg(User-Agent) -i -f /etc/haproxy/badbots.lst
>     http-request deny if badbots !whitelistips_agents
Try removing this one and check if it still crashes (hoping there is only one crash). --

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Marcus Ulbrich
Okay... here is the config: There is another frontend for port 8080... but the same scheme... I left it out here...
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s

Re: Consider mentioning haproxystats in the site

2017-10-03 Thread Willy Tarreau
On Tue, Oct 03, 2017 at 02:39:30PM +0200, Pavlos Parissis wrote: > >> Forgot to mention that link for the project: > >> https://github.com/unixsurfer/haproxystats > > > > Sure! Where do you want it to appear exactly ? > > > > Willy > > > > Under the quick links section in the main page, below

Re: Consider mentioning haproxystats in the site

2017-10-03 Thread Pavlos Parissis
On 03/10/2017 01:55 μμ, Willy Tarreau wrote: > Hi Pavlos, > > On Wed, Sep 27, 2017 at 11:40:07AM +0200, Pavlos Parissis wrote: >> On 27/09/2017 10:36 ?u, Pavlos Parissis wrote: >>> Hello all, >>> >>> haproxystats has been running for more than one year in production and has >>> been proven

another cppcheck finding

2017-10-03 Thread Илья Шипицин
hello! [src/dns.c:2502]: (error) Memory leak: buffer I do not see any "buffer" usage except conditional free. should we just remove "buffer" from there ? Cheers, Ilya Shipitsin

Re: Consider mentioning haproxystats in the site

2017-10-03 Thread Willy Tarreau
Hi Pavlos, On Wed, Sep 27, 2017 at 11:40:07AM +0200, Pavlos Parissis wrote: > On 27/09/2017 10:36 ?u, Pavlos Parissis wrote: > > Hello all, > > > > haproxystats has been running for more than one year in production and has > > been proven stable and > > very useful. > > > > Forgot to mention

Re: resolve memory leak in contrib/halog/halog.c

2017-10-03 Thread Willy Tarreau
Hi, On Tue, Oct 03, 2017 at 10:14:44AM +0500, ??? wrote: > Ack/Nack ? sorry, I didn't notice it. Now applied, thanks! Willy

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Willy Tarreau
On Mon, Oct 02, 2017 at 05:16:13PM +0200, Vincent Bernat wrote: > ? 2 octobre 2017 17:06 +0200, Marcus Ulbrich   > : > > > I even get no core dump with the python oneliner either with chroot > > nor without... > > So, kernel.core_pattern seems to be problematic

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Vincent Bernat
❦ 3 octobre 2017 11:29 +0200, Marcus Ulbrich  : > and here is the coredump with libssl and haproxy... I can not get > clear about this: Not the same one as previously. But this one is entirely in HAProxy. For this one, I think an excerpt of your configuration

Re: Aw: Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Vincent Bernat
❦ 3 octobre 2017 11:15 +0200, lu...@gmx.net : >> Could you get another one with libssl1.1-dbgsym installed? > > Mmmh there is no libssl1.1-dbgsym in stretch, only in sid? > > I do think we need those stack traces from libssl. It should be there. But you need to enable the right repository:

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-03 Thread Emmanuel Hocdet
Hi Olivier, Great to see a version of more ‘secure’ 0-RTT implementation. > Le 2 oct. 2017 à 17:18, Olivier Houchard a écrit : > > Hi, > > The attached patches add experimental support for 0-RTT with OpenSSL 1.1.1 > They are based on Emmanuel's previous patches, so I'm

Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread Marcus Ulbrich
Hey, thank you all for helping! okay the output you wish to know:
Package: libssl1.1
Source: openssl
Version: 1.1.0f-3
Installed-Size: 3524
Maintainer: Debian OpenSSL Team
Architecture: amd64
Depends: libc6 (>= 2.14), debconf (>= 0.5) | debconf-2.0

Aw: Re: Haproxy segfault error 4 in libc-2.24

2017-10-03 Thread lukyt
Hello, > Could you get another one with libssl1.1-dbgsym installed? Mmmh there is no libssl1.1-dbgsym in stretch, only in sid? I do think we need those stack traces from libssl. > Okay... I've got a core dump... Thanks a lot!!! > > But what this means? Is the openssl package uptodate? It