BUG/MEDIUM: proxy: Perform a custom copy for default server settings

When a proxy is initialized with the settings of the default proxy, instead
of doing a raw copy of the default server settings, a custom copy is now
performed by calling srv_settings_copy(). This way, all settings will be
really duplicated. Without this deep copy, some pointers are shared between
several servers, leading to UAF, double-free or such bugs.

This patch relies on following commits:

  * b32cb9b51 REORG: server: Export srv_settings_cpy() function
  * 0b365e3cb MINOR: server: Constify source server to copy its settings

This patch should fix the issue #1804. It must be backported as far as 2.0.
This commit is contained in:
Christopher Faulet 2022-08-03 11:31:55 +02:00
parent b32cb9b515
commit 6bb86539db
1 changed files with 1 additions and 1 deletions

View File

@ -1631,7 +1631,7 @@ static int proxy_defproxy_cpy(struct proxy *curproxy, const struct proxy *defpro
char *tmpmsg = NULL; char *tmpmsg = NULL;
/* set default values from the specified default proxy */ /* set default values from the specified default proxy */
memcpy(&curproxy->defsrv, &defproxy->defsrv, sizeof(curproxy->defsrv)); srv_settings_cpy(&curproxy->defsrv, &defproxy->defsrv, 0);
curproxy->flags = (defproxy->flags & PR_FL_DISABLED); /* Only inherit from disabled flag */ curproxy->flags = (defproxy->flags & PR_FL_DISABLED); /* Only inherit from disabled flag */
curproxy->options = defproxy->options; curproxy->options = defproxy->options;