From a69fc9f803c05de93b03fc7d4a28d5c503c6d3c9 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Mon, 22 Dec 2014 19:34:00 +0100 Subject: [PATCH] BUG/MAJOR: stream-int: properly check the memory allocation return In stream_int_register_handler(), we call si_alloc_appctx(si) but as a mistake, instead of checking the return value for a NULL, we test . This bug was discovered under extreme memory contention (memory for only two buffers with 500 connections waiting) and after 3 million failed connections. While it was very hard to produce it, the fix is tagged major because in theory it could happen when haproxy runs with a very low "-m" setting preventing from allocating just the few bytes needed for an appctx. But most users will never be able to trigger it. The fix was confirmed to address the bug. This fix must be backported to 1.5. --- src/stream_interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/stream_interface.c b/src/stream_interface.c index 9f7e979edf..075deef5d8 100644 --- a/src/stream_interface.c +++ b/src/stream_interface.c @@ -366,7 +366,7 @@ struct appctx *stream_int_register_handler(struct stream_interface *si, struct s DPRINTF(stderr, "registering handler %p for si %p (was %p)\n", app, si, si->owner); appctx = si_alloc_appctx(si); - if (!si) + if (!appctx) return NULL; appctx_set_applet(appctx, app);
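Review bot: the one-line change in the stream_int_register_handler() hunk is correct and sufficient for the bug described: `si` was already dereferenced on the DPRINTF line and passed into si_alloc_appctx(si), so `if (!si)` could never be true and a NULL from si_alloc_appctx() flowed straight into appctx_set_applet(appctx, app), a NULL dereference under memory pressure; `if (!appctx)` tests the value that can actually fail. Since this function now genuinely returns NULL on allocation failure, it would be worth confirming in the same series that every caller of stream_int_register_handler() checks its return value rather than assuming an appctx, otherwise the crash only moves one frame up the call chain; a short comment above the check ("allocation failure under -m limits, caller must handle NULL") would document the contract that the commit message explains but the code does not.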