MINOR: connection: use the srv pointer for the srv conn hash
The pointer to the target server is used as the first parameter of the
server connection hash calculation. This prevents the hash from being null when no
specific parameters are present, and can serve as a simple defense
against an attacker trying to reuse a non-conforming connection.
diff --git a/include/haproxy/connection-t.h b/include/haproxy/connection-t.h
index dd52bd3..a8239b4 100644
--- a/include/haproxy/connection-t.h
+++ b/include/haproxy/connection-t.h
@@ -487,6 +487,7 @@
* connection hash.
*/
struct conn_hash_params {
+ struct server *srv;
};
/* This structure describes a connection with its methods and data.
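Review bot: The new `srv` member is undocumented, and the struct is the only place a reader learns what goes into the connection hash. I would add a field comment such as `struct server *srv; /* target server, hashed by address; NULL if the target is not a server */`, so that it is clear the pointer value itself, not the server's configuration, is hashed. The comment block above the struct starts outside this hunk, so check that it does not already say this.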
diff --git a/src/backend.c b/src/backend.c
index 4b2c9f8..4879940 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1251,15 +1251,18 @@
/* first, set unique connection parameters and then calculate hash */
memset(&hash_params, 0, sizeof(hash_params));
- hash = conn_calculate_hash(&hash_params);
+
+ srv = objt_server(s->target);
+ hash_params.srv = srv;
+
+ if (srv)
+ hash = conn_calculate_hash(&hash_params);
/* This will catch some corner cases such as lying connections resulting from
* retries or connect timeouts but will rarely trigger.
*/
si_release_endpoint(&s->si[1]);
- srv = objt_server(s->target);
-
/* do not reuse if mode is http or if avail list is not allocated */
if ((s->be->mode != PR_MODE_HTTP) || (srv && !srv->available_conns_tree))
goto skip_reuse;
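Review bot: When `srv` is NULL, the new `if (srv)` guard skips `conn_calculate_hash()` and leaves `hash` at whatever value it already held. Its declaration is outside this hunk, so if it is not initialised there, any later reuse lookup on that path would read an indeterminate value. Making the fallback explicit removes the doubt: `hash = srv ? conn_calculate_hash(&hash_params) : 0;`, or confirm that the declaration carries `= 0`. A one-line comment stating that a non-server target gets no hash would also help, since the existing comment only says "set unique connection parameters". The enclosing function starts and ends outside the hunk.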
diff --git a/src/connection.c b/src/connection.c
index f5dbffb..3656b36 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -1421,6 +1421,8 @@
buf = trash.area;
+ conn_hash_update(buf, &idx, ¶ms->srv, sizeof(params->srv), &hash_flags, 0);
+
hash = conn_hash_digest(buf, idx, hash_flags);
return hash;
}
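Review bot: The server is mixed into the digest as `sizeof(params->srv)` bytes of the pointer's address, so the hash identifies a server by its address within this process, not by anything stable about it. That deserves a comment above the call, for example `/* always hash the target server address first so the input is never empty */`. Since the result is a lookup key and distinct inputs can still collide, the "simple defense" in the commit message holds only if the reuse path does not treat a hash match as the sole proof that a connection belongs to the requested server; that check is not visible here and should be confirmed. It is also worth confirming that `conn_hash_update()` bounds `idx` against the size of `trash.area`, since this call adds one more unconditional write to that buffer. The function starts outside the hunk.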