1
From e7623987fda044a3c99cf061e45e51a1457edd69 Mon Sep 17 00:00:00 2001
2
From: Willy Tarreau <w@1wt.eu>
3
Date: Tue, 18 Nov 2014 18:49:19 +0100
4
Subject: [PATCH 4/9] BUG/MAJOR: frontend: initialize capture pointers earlier
6
Denys Fedoryshchenko reported and diagnosed a nasty bug caused by TCP
7
captures, introduced in late 1.5-dev by commit 18bf01e ("MEDIUM: tcp:
8
add a new tcp-request capture directive"). The problem is that we're
9
using the array of capture pointers initially designed for HTTP usage
10
only, and that this array was only reset when starting to process an
11
HTTP request. In a tcp-only frontend, the pointers are not reset, and
12
if the capture pool is shared, we can very well point to whatever other
13
memory location, resulting in random crashes when tcp-request content
14
captures are processed.
16
The fix simply consists in initializing these pointers when the pools
19
A workaround for existing versions consists in either disabling TCP
20
captures in tcp-only frontends, or in forcing the frontends to work in
23
Thanks to Denys for the amount of testing and detailed reports.
25
This fix must be backported to 1.5.
26
(cherry picked from commit 9654e57fac86c773091b892f42015ba2ba56be5a)
28
src/frontend.c | 14 ++++++++++----
29
1 file changed, 10 insertions(+), 4 deletions(-)
31
diff --git a/src/frontend.c b/src/frontend.c
32
index 3f80774ded29..29280477b0c3 100644
35
@@ -106,11 +106,17 @@ int frontend_accept(struct session *s)
36
if (global.tune.client_rcvbuf)
37
setsockopt(cfd, SOL_SOCKET, SO_RCVBUF, &global.tune.client_rcvbuf, sizeof(global.tune.client_rcvbuf));
39
- if (unlikely(s->fe->nb_req_cap > 0 && (s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL))
40
- goto out_return; /* no memory */
41
+ if (unlikely(s->fe->nb_req_cap > 0)) {
42
+ if ((s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL)
43
+ goto out_return; /* no memory */
44
+ memset(s->txn.req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
47
- if (unlikely(s->fe->nb_rsp_cap > 0 && (s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL))
48
- goto out_free_reqcap; /* no memory */
49
+ if (unlikely(s->fe->nb_rsp_cap > 0)) {
50
+ if ((s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL)
51
+ goto out_free_reqcap; /* no memory */
52
+ memset(s->txn.rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
55
if (s->fe->http_needed) {
56
/* we have to allocate header indexes only if we know