On Sun, 4 Oct 2009, Krzysztof Piotr Oledzki wrote:

From fc217df5d282cfbc275f3eff286885aae0a0e117 Mon Sep 17 00:00:00 2001
From: Krzysztof Piotr Oledzki <o...@ans.pl>
Date: Sun, 4 Oct 2009 23:00:16 +0200
Subject: [BUG] Fix NULL pointer dereference in stats_check_uri_auth()

Recent "struct chunk rework" exposed a NULL pointer dereference:
txn->auth_hdr is used even if it was not initialized and now
haproxy segfaults if auth is required for stats but not found.

This patch fixes it.
---
src/proto_http.c |    5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/proto_http.c b/src/proto_http.c
index 6cd0b40..a73a580 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -4563,7 +4563,7 @@ int stats_check_uri_auth(struct session *t, struct proxy 
*backend)
        struct http_txn *txn = &t->txn;
        struct uri_auth *uri_auth = backend->uri_auth;
        struct user_auth *user;
-       int authenticated, cur_idx;
+       int authenticated, cur_idx, found = 0;
        char *h;

        memset(&t->data_ctx.stats, 0, sizeof(t->data_ctx.stats));
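Review bot: The "found" local added to the declaration line tracks whether the header was seen instead of resetting the field that is left unset. The memset visible at the end of this hunk clears only t->data_ctx.stats, and nothing here touches txn->auth_hdr. If the crash comes from txn->auth_hdr holding stale or uninitialized contents on entry, setting txn->auth_hdr.str = NULL and txn->auth_hdr.len = 0 next to that memset would fix it at the source and make the extra local unnecessary.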
@@ -4632,12 +4632,13 @@ int stats_check_uri_auth(struct session *t, struct 
proxy *backend)
                            !strncasecmp("Authorization:", h, 14)) {
                                txn->auth_hdr.str = h;
                                txn->auth_hdr.len = len;
+                               found++;
                                break;
                        }
                        h += len + txn->hdr_idx.v[cur_idx].cr + 1;
                }

-               if (txn->auth_hdr.len < 21 ||
+               if (!found || txn->auth_hdr.len < 21 ||
                    memcmp(txn->auth_hdr.str + 14, " Basic ", 7))
                        user = NULL;
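Review bot: In the final condition, "!found" protects only this one test. When no Authorization header matches, txn->auth_hdr.str and txn->auth_hdr.len keep whatever they held before the loop, so any other reader of txn->auth_hdr still sees those values. The existing "txn->auth_hdr.len < 21" test would already reject a zeroed field, so a crash on this path implies len arrived with a leftover value of 21 or more; that is worth confirming before relying on the flag. Minor: "found++" directly before "break" can only ever yield 1, so "found = 1" states the intent more clearly.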

Please hold, "txn->auth_hdr.len < 21" should handle it - the bug is probably in a different place.

Best regards,

                        Krzysztof Olędzki
