>From fc217df5d282cfbc275f3eff286885aae0a0e117 Mon Sep 17 00:00:00 2001 From: Krzysztof Piotr Oledzki <o...@ans.pl> Date: Sun, 4 Oct 2009 23:00:16 +0200 Subject: [BUG] Fix NULL pointer dereference in stats_check_uri_auth()
Recent "struct chunk rework" exposed a NULL pointer dereference: txn->auth_hdr is used even if it was not initialized and now haproxy segfaults if auth is required for stats but not found. This patch fixes it. --- src/proto_http.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index 6cd0b40..a73a580 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -4563,7 +4563,7 @@ int stats_check_uri_auth(struct session *t, struct proxy *backend) struct http_txn *txn = &t->txn; struct uri_auth *uri_auth = backend->uri_auth; struct user_auth *user; - int authenticated, cur_idx; + int authenticated, cur_idx, found = 0; char *h; memset(&t->data_ctx.stats, 0, sizeof(t->data_ctx.stats)); @@ -4632,12 +4632,13 @@ int stats_check_uri_auth(struct session *t, struct proxy *backend) !strncasecmp("Authorization:", h, 14)) { txn->auth_hdr.str = h; txn->auth_hdr.len = len; + found++; break; } h += len + txn->hdr_idx.v[cur_idx].cr + 1; } - if (txn->auth_hdr.len < 21 || + if (!found || txn->auth_hdr.len < 21 || memcmp(txn->auth_hdr.str + 14, " Basic ", 7)) user = NULL; -- 1.6.4.2