Hi,

A patch with a medium bugfix is attached.
The backport in 1.6 and 1.7 is easy: it doesn't generate conflicts.

   In the case where a Lua sample-fetch or converter doesn't return any
   value, an access outside the Lua stack can be performed. This patch
   checks the stack size before converting the top value to a HAProxy
   internal sample.

   A workaround consists of checking that a value is always returned
   with sample fetches and converters.

   This patch should be backported to versions 1.6 and 1.7.


Thierry
From cad53b6e6e2a35202f8086d3239dc2f8891d8944 Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <thierry.fourn...@ozon.io>
Date: Fri, 12 May 2017 16:32:20 +0200
Subject: [PATCH] BUG/MEDIUM: lua: segfault if a converter or a sample doesn't
 return anything

In the case where a Lua sample-fetch or converter doesn't return any
value, an access outside the Lua stack can be performed. This patch
checks the stack size before converting the top value to a HAProxy
internal sample.

A workaround consists of checking that a value is always returned
with sample fetches and converters.

This patch should be backported to versions 1.6 and 1.7.
---
 src/hlua.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/hlua.c b/src/hlua.c
index 643d3fc..b8d2c88 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -5496,6 +5496,10 @@ static int hlua_sample_conv_wrapper(const struct arg *arg_p, struct sample *smp,
 	switch (hlua_ctx_resume(stream->hlua, 0)) {
 	/* finished. */
 	case HLUA_E_OK:
+		/* If the stack is empty, the function fails. */
+		if (lua_gettop(stream->hlua->T) <= 0)
+			return 0;
+
 		/* Convert the returned value in sample. */
 		hlua_lua2smp(stream->hlua->T, -1, smp);
 		lua_pop(stream->hlua->T, 1);
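
Review bot: the early `return 0;` added to the `HLUA_E_OK` case of `hlua_sample_conv_wrapper` fails without any diagnostic, so a converter that forgets its `return` is indistinguishable from an ordinary failed conversion and the script bug stays hidden from the operator. Consider emitting a warning that the Lua converter returned no value before returning. Minor: `lua_gettop()` never returns a negative value, so `== 0` states the condition more exactly than `<= 0`.
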
@@ -5617,6 +5621,10 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
 			stream_int_retnclose(&stream->si[0], &msg);
 			return 0;
 		}
+		/* If the stack is empty, the function fails. */
+		if (lua_gettop(stream->hlua->T) <= 0)
+			return 0;
+
 		/* Convert the returned value in sample. */
 		hlua_lua2smp(stream->hlua->T, -1, smp);
 		lua_pop(stream->hlua->T, 1);
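
Review bot: the four added lines in `hlua_sample_fetch_wrapper` are a verbatim copy of the check added to the converter wrapper, and both are followed by the same `hlua_lua2smp(..., -1, smp)` and `lua_pop(..., 1)` pair; folding the check and the conversion into one small helper would keep the two paths from drifting apart. The new comment also starts directly after the closing `}` of the preceding block, so a blank line before it would match the spacing used after the check. The error path just above calls `stream_int_retnclose()` before returning 0 while this one only returns 0; the comment should say why a plain fetch failure is sufficient here.
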
-- 
1.7.10.4
