BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2 found by coverity. [wt: this bug was introduced by commit 404d978 ("MINOR: add ALPN information to send-proxy-v2"). It might be triggered by a health check on a server using ppv2 or by an applet making use of such a server, if at all configurable]. This needs to be backported to 1.8.

commit: ca56fce8bd271928b18d38b439bd35bd273fe8d4 [log] [tgz]
author: Ilya Shipitsin <chipitsine@gmail.com> Sat Sep 15 00:50:05 2018 +0500
committer: Willy Tarreau <w@1wt.eu> Tue Oct 02 04:07:43 2018 +0200
tree: 3692d252bf9975d60d9d9e9d0e3f1b828a18b06b
parent: 2793578eaf934bbf28f742a35f3a1ae656280324 [diff] [blame]
diff --git a/src/connection.c b/src/connection.c
index 06e1ed8..c0da874 100644
--- a/src/connection.c
+++ b/src/connection.c

@@ -996,6 +996,7 @@
 	return 0;
 }
 
+/* Note: <remote> is explicitly allowed to be NULL */
 int make_proxy_line(char *buf, int buf_len, struct server *srv, struct connection *remote)
 {
 	int ret = 0;
@@ -1107,6 +1108,7 @@
 	return length + sizeof(*tlv);
 }
 
+/* Note: <remote> is explicitly allowed to be NULL */
 int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote)
 {
 	const char pp2_signature[] = PP2_SIGNATURE;
@@ -1191,7 +1193,7 @@
 		ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_CRC32C, sizeof(zero_crc32c), (const char *)&zero_crc32c);
 	}
 
-	if (conn_get_alpn(remote, &value, &value_len)) {
+	if (remote && conn_get_alpn(remote, &value, &value_len)) {
 		if ((buf_len - ret) < sizeof(struct tlv))
 			return 0;
 		ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_ALPN, value_len, value);
commit	ca56fce8bd271928b18d38b439bd35bd273fe8d4	[log] [tgz]
author	Ilya Shipitsin <chipitsine@gmail.com>	Sat Sep 15 00:50:05 2018 +0500
committer	Willy Tarreau <w@1wt.eu>	Tue Oct 02 04:07:43 2018 +0200
tree	3692d252bf9975d60d9d9e9d0e3f1b828a18b06b
parent	2793578eaf934bbf28f742a35f3a1ae656280324 [diff] [blame]