From 6fc340ff07171bb85d11d835fa4158bbdef240a0 Mon Sep 17 00:00:00 2001 From: Thierry Fournier Date: Mon, 6 Jun 2016 18:28:05 +0200 Subject: [PATCH] BUG/MEDIUM: sticktables: segfault in some configuration error cases When a stick table is tracked, and another one is used later on the configuration, a segfault occurs. The function "smp_create_src_stkctr" can return a NULL value, and its value is not tested, so one other function try to dereference a NULL pointer. This patch just add a verification of the NULL pointer. The problem is reproduced with this configuration: listen www mode http bind :12345 tcp-request content track-sc0 src table IPv4 http-request allow if { sc0_inc_gpc0(IPv6) gt 0 } server dummy 127.0.0.1:80 backend IPv4 stick-table type ip size 10 expire 60s store gpc0 backend IPv6 stick-table type ipv6 size 10 expire 60s store gpc0 Thank to kabefuna@gmail.com for the bug report. This patch must be backported in the 1.6 and 1.5 version. --- src/stream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/stream.c b/src/stream.c index 2ca3b3600..fc113ec19 100644 --- a/src/stream.c +++ b/src/stream.c @@ -2821,7 +2821,7 @@ smp_fetch_sc_inc_gpc0(const struct arg *args, struct sample *smp, const char *kw if (stkctr_entry(stkctr) == NULL) stkctr = smp_create_src_stkctr(smp->sess, smp->strm, args, kw); - if (stkctr_entry(stkctr) != NULL) { + if (stkctr && stkctr_entry(stkctr)) { void *ptr1,*ptr2; /* First, update gpc0_rate if it's tracked. Second, update its