BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything In the case of a Lua sample-fetch or converter doesn't return any value, an acces outside the Lua stack can be performed. This patch check the stack size before converting the top value to a HAProxy internal sample. A workaround consist to check that a value value is always returned with sample fetches and converters. This patch should be backported in the version 1.6 and 1.7

commit: fd80df11c37af2d5d3c9a8659d45905638de717c [log] [tgz]
author: Thierry FOURNIER <thierry.fournier@ozon.io> Fri May 12 16:32:20 2017 +0200
committer: Willy Tarreau <w@1wt.eu> Fri May 12 16:46:26 2017 +0200
tree: e012baa05aec0d9b77ad8e496fbca6e97cbd1c86
parent: 1bfc24ba03e4ae05fc76ba16119f24a226cd79c2 [diff]
diff --git a/src/hlua.c b/src/hlua.c
index 643d3fc..b8d2c88 100644
--- a/src/hlua.c
+++ b/src/hlua.c

@@ -5496,6 +5496,10 @@
 	switch (hlua_ctx_resume(stream->hlua, 0)) {
 	/* finished. */
 	case HLUA_E_OK:
+		/* If the stack is empty, the function fails. */
+		if (lua_gettop(stream->hlua->T) <= 0)
+			return 0;
+
 		/* Convert the returned value in sample. */
 		hlua_lua2smp(stream->hlua->T, -1, smp);
 		lua_pop(stream->hlua->T, 1);
@@ -5617,6 +5621,10 @@
 			stream_int_retnclose(&stream->si[0], &msg);
 			return 0;
 		}
+		/* If the stack is empty, the function fails. */
+		if (lua_gettop(stream->hlua->T) <= 0)
+			return 0;
+
 		/* Convert the returned value in sample. */
 		hlua_lua2smp(stream->hlua->T, -1, smp);
 		lua_pop(stream->hlua->T, 1);
commit	fd80df11c37af2d5d3c9a8659d45905638de717c	[log] [tgz]
author	Thierry FOURNIER <thierry.fournier@ozon.io>	Fri May 12 16:32:20 2017 +0200
committer	Willy Tarreau <w@1wt.eu>	Fri May 12 16:46:26 2017 +0200
tree	e012baa05aec0d9b77ad8e496fbca6e97cbd1c86
parent	1bfc24ba03e4ae05fc76ba16119f24a226cd79c2 [diff]