BUG/MINOR: errors: handle malloc failure in usermsgs_put() usermsgs_buf.size is set without first checking if previous malloc attempt succeeded. This could fool the buffer API into assuming that the buffer is initialized, resulting in unsafe read/writes. Guarding usermsgs_buf.size assignment with the malloc attempt result to make the buffer initialization safe against malloc failures. This partially fixes GH #2130. It should be backported up to 2.6.

commit: d4dba38ab101eee4cbd0c8d8aa21181825ef6472 [log] [tgz]
author: Aurelien DARRAGON <adarragon@haproxy.com> Thu May 11 18:49:14 2023 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Fri May 12 09:45:30 2023 +0200
tree: bd6c8ec5355f597e16f0eced7bd2d47873ed8bd7
parent: 4cc2714ae2b40b84b1ee361dceab71a3acd8fb4a [diff]
diff --git a/src/errors.c b/src/errors.c
index 2e9d6af..5913cb1 100644
--- a/src/errors.c
+++ b/src/errors.c

@@ -229,7 +229,8 @@
 	/* Allocate the buffer if not already done. */
 	if (unlikely(b_is_null(&usermsgs_buf))) {
 		usermsgs_buf.area = malloc(USER_MESSAGES_BUFSIZE * sizeof(char));
-		usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
+		if (usermsgs_buf.area)
+			usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
 	}
 
 	if (likely(!b_is_null(&usermsgs_buf))) {
commit	d4dba38ab101eee4cbd0c8d8aa21181825ef6472	[log] [tgz]
author	Aurelien DARRAGON <adarragon@haproxy.com>	Thu May 11 18:49:14 2023 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Fri May 12 09:45:30 2023 +0200
tree	bd6c8ec5355f597e16f0eced7bd2d47873ed8bd7
parent	4cc2714ae2b40b84b1ee361dceab71a3acd8fb4a [diff]