From 2469eba20fdc01f8ca95726a8c11feaaa8825027 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 15 Oct 2020 16:08:30 +0200
Subject: [PATCH] BUG/MEDIUM: spoe: Unset variable instead of set it if no data
 provided

If an agent try to set a variable with the NULL data type, an unset is perform
instead to avoid undefined behaviors. Once decoded, such data are translated to
a sample with the type SMP_T_ANY. It is unexpected in HAProxy. When a variable
is set with such sample, no data are attached to the variable. Thus, when the
variable is retrieved later in the transaction, the sample data are
uninitialized, leading to undefined behaviors depending on how it is used. For
instance, it leads to a crash if the debug converter is used on such variable.

This patch should fix the issue #855. It must be backported as far as 1.8.
---
 src/flt_spoe.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/flt_spoe.c b/src/flt_spoe.c
index 62e535ef1..cf5fc7a4c 100644
--- a/src/flt_spoe.c
+++ b/src/flt_spoe.c
@@ -2368,7 +2368,10 @@ spoe_decode_action_set_var(struct stream *s, struct spoe_context *ctx,
 		    ((struct spoe_config *)FLT_CONF(ctx->filter))->agent->var_pfx,
 		    (int)sz, str);
 
-	spoe_set_var(ctx, scope, str, sz, &smp);
+	if (smp.data.type == SMP_T_ANY)
+		spoe_unset_var(ctx, scope, str, sz, &smp);
+	else
+		spoe_set_var(ctx, scope, str, sz, &smp);
 
 	ret  = (p - *buf);
 	*buf = p;