upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-03 20:39:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

BUG/MEDIUM: log: parsing log-forward options may result in segfault
Some checks are pending
Contrib / build (push) Waiting to run
Details
alpine/musl / gcc (push) Waiting to run
Details
VTest / Generate Build Matrix (push) Waiting to run
Details
VTest / (push) Blocked by required conditions
Details
Windows / Windows, gcc, all features (push) Waiting to run
Details

Browse source 
As reported by GH user @HiggsTeilchen on #3250, the use of "option
dont-parse-log" may result in segmentation fault when parsing the
configuration. In fact, "option assume-rfc6587-ntf" is also affected.

The reason behind this is that cfg_parse_log_forward() leverages the
cfg_parse_listen_match_option() function to check for generic proxy
options that are relevant in the PR_MODE_SYSLOG context. And while it
is not documented, this function assumes that the currently evaluated
proxy is stored in the global variable 'curproxy', which
cfg_parse_log_forward() doesn't offer.

cfg_parse_listen_match_option() uses curproxy to check the currently
evaluated proxy's capabilities is compatible with the option, so if a
proxy with the frontend capability was defined earlier in the config,
parsing would succeed, if curproxy points to proxy without the frontend
capabilty (ie: backend), a warning would be emitted to tell that the
option would be ignored while it is perfectly valid for the log-forward
proxy, and if no proxy was defined earlier in the config a segfault would
be triggered.

To fix the issue, we explicitly make "curproxy" global variable point to
the log-forward proxy being parsed in cfg_parse_log_forward() before
leveraging cfg_parse_listen_match_option() to check for compatible
options.

It must be backported with 834e9af8 ("MINOR: log: add options eval for
log-forward"), which was introduced in 3.2 precisely.
This commit is contained in:
Aurelien DARRAGON 2026-01-19 16:35:37 +01:00
parent 14e890d85e
commit 9156d5f775
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/log.c
View file

@ -6276,7 +6276,10 @@ int cfg_parse_log_forward(const char *file, int linenum, char **args, int kwm)
/* only consider options that are frontend oriented and log oriented, such options may be set
* in px->options2 because px->options is already full of tcp/http oriented options
* also, cfg_parse_listen_match_option() assumes global curproxy variable points to
* currently evaluated proxy
*/
curproxy = cfg_log_forward;
if (cfg_parse_listen_match_option(file, linenum, kwm, cfg_opts3, &err_code, args,
PR_MODE_SYSLOG, PR_CAP_FE,
&cfg_log_forward->options3, &cfg_log_forward->no_options3))