BUG/MINOR: Fix several leaks of 'log_tag' in init().
We use chunk_initstr() to store the program name as the default log-tag.
If we use the log-tag directive in the config file, this chunk will be
destroyed and replaced. chunk_initstr() sets the chunk size to 0 so we
will free the chunk itself, but not its content.
This happens for a global section and also for a proxy.
We fix this by using chunk_initlen() instead of chunk_initstr().
We also check that the memory allocation was successfull, otherwise we quit.
This fixes github issue #850.
It can be backported as far as 1.9, with minor adjustments to includes.
diff --git a/src/cfgparse-global.c b/src/cfgparse-global.c
index d220a2c..c9805a3 100644
--- a/src/cfgparse-global.c
+++ b/src/cfgparse-global.c
@@ -11,6 +11,7 @@
#include <fcntl.h>
#include <unistd.h>
+#include <haproxy/buf.h>
#include <haproxy/cfgparse.h>
#include <haproxy/compression.h>
#include <haproxy/global.h>
@@ -948,7 +949,13 @@
goto out;
}
chunk_destroy(&global.log_tag);
- chunk_initstr(&global.log_tag, strdup(args[1]));
+ chunk_initlen(&global.log_tag, strdup(args[1]), strlen(args[1]), strlen(args[1]));
+ if (b_orig(&global.log_tag) == NULL) {
+ chunk_destroy(&global.log_tag);
+ ha_alert("parsing [%s:%d]: cannot allocate memory for '%s'.\n", file, linenum, args[0]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
}
else if (!strcmp(args[0], "spread-checks")) { /* random time between checks (0-50) */
if (alertif_too_many_args(1, file, linenum, args, &err_code))
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index cdfca5b..b8f3795 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -12,6 +12,7 @@
#include <unistd.h>
#include <haproxy/acl.h>
+#include <haproxy/buf.h>
#include <haproxy/capture-t.h>
#include <haproxy/cfgparse.h>
#include <haproxy/check.h>
@@ -2821,7 +2822,13 @@
goto out;
}
chunk_destroy(&curproxy->log_tag);
- chunk_initstr(&curproxy->log_tag, strdup(args[1]));
+ chunk_initlen(&curproxy->log_tag, strdup(args[1]), strlen(args[1]), strlen(args[1]));
+ if (b_orig(&curproxy->log_tag) == NULL) {
+ chunk_destroy(&curproxy->log_tag);
+ ha_alert("parsing [%s:%d]: cannot allocate memory for '%s'.\n", file, linenum, args[0]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
}
else if (!strcmp(args[0], "log")) { /* "no log" or "log ..." */
if (!parse_logsrv(args, &curproxy->logsrvs, (kwm == KWM_NO), &errmsg)) {
diff --git a/src/haproxy.c b/src/haproxy.c
index 7458dee..0c1dd5a 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1595,7 +1595,12 @@
progname = tmp + 1;
/* the process name is used for the logs only */
- chunk_initstr(&global.log_tag, strdup(progname));
+ chunk_initlen(&global.log_tag, strdup(progname), strlen(progname), strlen(progname));
+ if (b_orig(&global.log_tag) == NULL) {
+ chunk_destroy(&global.log_tag);
+ ha_alert("Cannot allocate memory for log_tag.\n");
+ exit(EXIT_FAILURE);
+ }
argc--; argv++;
while (argc > 0) {