mirror of https://github.com/haproxy/haproxy.git synced 2026-05-26 19:22:57 -04:00

HAProxy - Load balancer

Find a file

Willy Tarreau 6cbcb4f9db BUG/MINOR: resolvers: fix leaked fields on cfg_parse_resolvers() error paths cfg_parse_resolvers() has many error paths on allocation failure when parsing "nameserver". These paths handle their own cleanup instead of centralizing it. The result is that some errors paths leak some fields. The most complex ones are the strdup() failures which require to check for stream or dgram to figure what to free. These can be detected via ASAN on a dummy strdup() allocation failure: Indirect leak of 131080 byte(s) in 1 object(s) allocated from: #0 0x7f0b7ed1f0ab in malloc (/usr/lib64/libasan.so.8+0x11f0ab) #1 0x000000c73e19 in dns_ring_new src/dns_ring.c:59 #2 0x000000af1848 in dns_dgram_init src/dns.c:480 #3 0x000000922005 in cfg_parse_resolvers src/resolvers.c:3792 #4 0x00000089d33e in parse_cfg src/cfgparse.c:2202 #5 0x0000009e0a39 in read_cfg src/haproxy.c:1142 #6 0x000000447e8c in main src/haproxy.c:3474 #7 0x7f0b7e02ad13 in __libc_start_call_main (/lib64/libc.so.6+0x2ad13) #8 0x7ffd35f1531c ([stack]+0x2031c) Indirect leak of 304 byte(s) in 1 object(s) allocated from: #0 0x7f0b7ed1ea23 in calloc (/usr/lib64/libasan.so.8+0x11ea23) #1 0x000000af1681 in dns_dgram_init src/dns.c:468 #2 0x000000922005 in cfg_parse_resolvers src/resolvers.c:3792 #3 0x00000089d33e in parse_cfg src/cfgparse.c:2202 #4 0x0000009e0a39 in read_cfg src/haproxy.c:1142 #5 0x000000447e8c in main src/haproxy.c:3474 #6 0x7f0b7e02ad13 in __libc_start_call_main (/lib64/libc.so.6+0x2ad13) #7 0x7ffd35f1531c ([stack]+0x2031c) Indirect leak of 104 byte(s) in 1 object(s) allocated from: #0 0x7f0b7ed1ea23 in calloc (/usr/lib64/libasan.so.8+0x11ea23) #1 0x000000921f83 in cfg_parse_resolvers src/resolvers.c:3772 #2 0x00000089d33e in parse_cfg src/cfgparse.c:2202 #3 0x0000009e0a39 in read_cfg src/haproxy.c:1142 #4 0x000000447e8c in main src/haproxy.c:3474 #5 0x7f0b7e02ad13 in __libc_start_call_main (/lib64/libc.so.6+0x2ad13) #6 0x7ffd35f1531c ([stack]+0x2031c) Indirect leak of 64 byte(s) in 1 object(s) allocated from: #0 0x7f0b7ed1f0ab in malloc (/usr/lib64/libasan.so.8+0x11f0ab) #1 0x000000c73e09 in dns_ring_new src/dns_ring.c:55 #2 0x000000af1848 in dns_dgram_init src/dns.c:480 #3 0x000000922005 in cfg_parse_resolvers src/resolvers.c:3792 #4 0x00000089d33e in parse_cfg src/cfgparse.c:2202 #5 0x0000009e0a39 in read_cfg src/haproxy.c:1142 #6 0x000000447e8c in main src/haproxy.c:3474 #7 0x7f0b7e02ad13 in __libc_start_call_main (/lib64/libc.so.6+0x2ad13) #8 0x7ffd35f1531c ([stack]+0x2031c) Indirect leak of 15 byte(s) in 1 object(s) allocated from: #0 0x7f0b7ed18e20 in strdup (/usr/lib64/libasan.so.8+0x118e20) #1 0x00000092203b in cfg_parse_resolvers src/resolvers.c:3798 #2 0x00000089d33e in parse_cfg src/cfgparse.c:2202 #3 0x0000009e0a39 in read_cfg src/haproxy.c:1142 #4 0x000000447e8c in main src/haproxy.c:3474 #5 0x7f0b7e02ad13 in __libc_start_call_main (/lib64/libc.so.6+0x2ad13) #6 0x7ffd35f1531c ([stack]+0x2031c) This should be completely reworked so that the cleanup is performed in a central place, as the risk to get it wrong remains high. This patch does the minimal changes to clean this up. It does not need to be backported since it only triggers on boot OOM.		2026-05-15 18:07:50 +02:00
.github	CI: github: add DEBUG_STRICT=2 to ASAN jobs	2026-04-30 17:46:30 +02:00
addons	BUILD: 51d.c: cleanup, fix preprocessor ifdefs	2026-05-13 17:00:20 +02:00
admin	CLEANUP: fix typos and spelling in comments and documentation	2026-03-30 09:24:19 +02:00
dev	CLEANUP: fix typos and spelling in comments and documentation	2026-03-30 09:24:19 +02:00
doc	[RELEASE] Released version 3.4-dev12	2026-05-13 17:22:12 +02:00
examples	MEDIUM: mux_quic: rename qmux traces to qcm	2026-05-13 16:23:58 +02:00
include	CLEANUP: htx: Adjust numbering of HTX blocks' types in the description	2026-05-13 17:03:48 +02:00
reg-tests	MINOR: sample: add a reverse_dom converter	2026-05-13 16:49:53 +02:00
scripts	SCRIPTS: announce-release: add a link to the OpenTelemetry filter	2026-05-08 12:05:09 +02:00
src	BUG/MINOR: resolvers: fix leaked fields on cfg_parse_resolvers() error paths	2026-05-15 18:07:50 +02:00
tests	TESTS: quic: add unit-tests for QUIC TX part	2025-09-08 14:49:03 +02:00
.cirrus.yml	CI: cirrus-ci: bump FreeBSD image to 14-3	2025-10-09 14:06:48 +02:00
.gitattributes	MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes	2021-02-22 18:17:57 +01:00
.gitignore	MINOR: tevt/dev: Add term_events tool	2025-01-31 10:41:50 +01:00
.mailmap	DOC: update Tim's address in .mailmap	2021-09-16 09:14:14 +02:00
.travis.yml	MEDIUM: mworker: remove USE_SYSTEMD requirement for -Ws	2024-11-20 12:07:38 +01:00
BRANCHES	CLEANUP: tree-wide: fix typos in user-invisible files	2026-05-13 17:03:48 +02:00
BSDmakefile	BUILD: makefile: commit the tiny FreeBSD makefile stub	2023-05-24 17:17:36 +02:00
CHANGELOG	[RELEASE] Released version 3.4-dev12	2026-05-13 17:22:12 +02:00
CONTRIBUTING	CLEANUP: assorted typo fixes in the code and comments	2025-04-02 11:12:20 +02:00
INSTALL	MINOR: version: mention that it's development again	2025-11-26 16:11:47 +01:00
LICENSE	LICENSE: add licence exception for OpenSSL	2012-09-07 13:52:26 +02:00
MAINTAINERS	MAJOR: spoe: Let the SPOE back into the game	2024-05-22 09:04:38 +02:00
Makefile	MINOR: mux_quic: rename qstrm files to qmux	2026-05-13 16:15:48 +02:00
README.md	CI: github: add cross-zoo.yml in README.md	2026-04-20 11:47:20 +02:00
SUBVERS	BUILD: use format tags in VERDATE and SUBVERS files	2013-12-10 11:22:49 +01:00
VERDATE	[RELEASE] Released version 3.4-dev12	2026-05-13 17:22:12 +02:00
VERSION	[RELEASE] Released version 3.4-dev12	2026-05-13 17:22:12 +02:00

README.md

HAProxy

HAProxy is a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Installation

The INSTALL file describes how to build HAProxy. A list of packages is also available on the wiki.

Getting help

The discourse and the mailing-list are available for questions or configuration assistance. You can also use the slack or IRC channel. Please don't use the issue tracker for these.

The issue tracker is only for bug reports or feature requests.

Documentation

The HAProxy documentation has been split into a number of different files for ease of use. It is available in text format as well as HTML. The wiki is also meant to replace the old architecture guide.

Please refer to the following files depending on what you're looking for:

INSTALL for instructions on how to build and install HAProxy
BRANCHES to understand the project's life cycle and what version to use
LICENSE for the project's license
CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory:

doc/intro.txt for a quick introduction on HAProxy
doc/configuration.txt for the configuration's reference manual
doc/lua.txt for the Lua's reference manual
doc/SPOE.txt for how to use the SPOE engine
doc/network-namespaces.txt for how to use network namespaces under Linux
doc/management.txt for the management guide
doc/regression-testing.txt for how to use the regression testing suite
doc/peers.txt for the peers protocol reference
doc/coding-style.txt for how to adopt HAProxy's coding style
doc/internals for developer-specific documentation (not all up to date)

License

HAProxy is licensed under GPL 2 or any later version, the headers under LGPL 2.1. See the LICENSE file for a more detailed explanation.