BUG/MEDIUM: proxy: Perform a custom copy for default server settings When a proxy is initialized with the settings of the default proxy, instead of doing a raw copy of the default server settings, a custom copy is now performed by calling srv_settings_copy(). This way, all settings will be really duplicated. Without this deep copy, some pointers are shared between several servers, leading to UAF, double-free or such bugs. This patch relies on following commits: * b32cb9b51 REORG: server: Export srv_settings_cpy() function * 0b365e3cb MINOR: server: Constify source server to copy its settings This patch should fix the issue #1804. It must be backported as far as 2.0.

commit: 6bb86539dbe66b79e011b287c8b750f2e4ee62a0 [log] [tgz]
author: Christopher Faulet <cfaulet@haproxy.com> Wed Aug 03 11:31:55 2022 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Wed Aug 03 11:44:34 2022 +0200
tree: a38b07f7a61d81c8ec1daac7009aef8b1868b57d
parent: b32cb9b5151d4b42ff92edd707d61960f8b3a536 [diff]
diff --git a/src/proxy.c b/src/proxy.c
index e389701..7a2d400 100644
--- a/src/proxy.c
+++ b/src/proxy.c

@@ -1631,7 +1631,7 @@
 	char *tmpmsg = NULL;
 
 	/* set default values from the specified default proxy */
-	memcpy(&curproxy->defsrv, &defproxy->defsrv, sizeof(curproxy->defsrv));
+	srv_settings_cpy(&curproxy->defsrv, &defproxy->defsrv, 0);
 
 	curproxy->flags = (defproxy->flags & PR_FL_DISABLED); /* Only inherit from disabled flag */
 	curproxy->options = defproxy->options;
commit	6bb86539dbe66b79e011b287c8b750f2e4ee62a0	[log] [tgz]
author	Christopher Faulet <cfaulet@haproxy.com>	Wed Aug 03 11:31:55 2022 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Wed Aug 03 11:44:34 2022 +0200
tree	a38b07f7a61d81c8ec1daac7009aef8b1868b57d
parent	b32cb9b5151d4b42ff92edd707d61960f8b3a536 [diff]