RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-07 22:12:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUILD/MINOR: htx: fix some potential null-deref warnings with http_find_stline

Browse Source 
http_find_stline() carefully verifies that it finds a start line otherwise
returns NULL when not found. But a few calling functions ignore this NULL
in return and dereference this pointer without checking. Let's add the
test where needed in the callers. If it turns out that over the long term
a start line is mandatory, then the test will be removed and the faulty
function will have to be simplified.

This must be backported to 1.9.
This commit is contained in:
Willy Tarreau 2019-02-12 12:02:27 +01:00
parent 9bdd7bc63d
commit cdce54c2b7
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/http_htx.c
View File

@ -220,6 +220,9 @@ int http_replace_req_meth(struct htx *htx, const struct ist meth)
struct htx_sl *sl = http_find_stline(htx); struct htx_sl *sl = http_find_stline(htx);
struct ist uri, vsn; struct ist uri, vsn;
if (!sl)
return 0;
/* Start by copying old uri and version */ /* Start by copying old uri and version */
chunk_memcat(temp, HTX_SL_REQ_UPTR(sl), HTX_SL_REQ_ULEN(sl)); /* uri */ chunk_memcat(temp, HTX_SL_REQ_UPTR(sl), HTX_SL_REQ_ULEN(sl)); /* uri */
uri = ist2(temp->area, HTX_SL_REQ_ULEN(sl)); uri = ist2(temp->area, HTX_SL_REQ_ULEN(sl));
@ -241,6 +244,9 @@ int http_replace_req_uri(struct htx *htx, const struct ist uri)
struct htx_sl *sl = http_find_stline(htx); struct htx_sl *sl = http_find_stline(htx);
struct ist meth, vsn; struct ist meth, vsn;
if (!sl)
return 0;
/* Start by copying old method and version */ /* Start by copying old method and version */
chunk_memcat(temp, HTX_SL_REQ_MPTR(sl), HTX_SL_REQ_MLEN(sl)); /* meth */ chunk_memcat(temp, HTX_SL_REQ_MPTR(sl), HTX_SL_REQ_MLEN(sl)); /* meth */
meth = ist2(temp->area, HTX_SL_REQ_MLEN(sl)); meth = ist2(temp->area, HTX_SL_REQ_MLEN(sl));
@ -262,6 +268,9 @@ int http_replace_req_path(struct htx *htx, const struct ist path)
struct ist meth, uri, vsn, p; struct ist meth, uri, vsn, p;
size_t plen = 0; size_t plen = 0;
if (!sl)
return 0;
uri = htx_sl_req_uri(sl); uri = htx_sl_req_uri(sl);
p = http_get_path(uri); p = http_get_path(uri);
if (!p.ptr) if (!p.ptr)
@ -296,6 +305,9 @@ int http_replace_req_query(struct htx *htx, const struct ist query)
struct ist meth, uri, vsn, q; struct ist meth, uri, vsn, q;
int offset = 1; int offset = 1;
if (!sl)
return 0;
uri = htx_sl_req_uri(sl); uri = htx_sl_req_uri(sl);
q = uri; q = uri;
while (q.len > 0 && *(q.ptr) != '?') { while (q.len > 0 && *(q.ptr) != '?') {
@ -337,6 +349,9 @@ int http_replace_res_status(struct htx *htx, const struct ist status)
struct htx_sl *sl = http_find_stline(htx); struct htx_sl *sl = http_find_stline(htx);
struct ist vsn, reason; struct ist vsn, reason;
if (!sl)
return 0;
/* Start by copying old uri and version */ /* Start by copying old uri and version */
chunk_memcat(temp, HTX_SL_RES_VPTR(sl), HTX_SL_RES_VLEN(sl)); /* vsn */ chunk_memcat(temp, HTX_SL_RES_VPTR(sl), HTX_SL_RES_VLEN(sl)); /* vsn */
vsn = ist2(temp->area, HTX_SL_RES_VLEN(sl)); vsn = ist2(temp->area, HTX_SL_RES_VLEN(sl));
@ -358,6 +373,9 @@ int http_replace_res_reason(struct htx *htx, const struct ist reason)
struct htx_sl *sl = http_find_stline(htx); struct htx_sl *sl = http_find_stline(htx);
struct ist vsn, status; struct ist vsn, status;
if (!sl)
return 0;
/* Start by copying old uri and version */ /* Start by copying old uri and version */
chunk_memcat(temp, HTX_SL_RES_VPTR(sl), HTX_SL_RES_VLEN(sl)); /* vsn */ chunk_memcat(temp, HTX_SL_RES_VPTR(sl), HTX_SL_RES_VLEN(sl)); /* vsn */
vsn = ist2(temp->area, HTX_SL_RES_VLEN(sl)); vsn = ist2(temp->area, HTX_SL_RES_VLEN(sl));