RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: errors: handle malloc failure in usermsgs_put() 

usermsgs_buf.size is set without first checking if previous malloc
attempt succeeded.

This could fool the buffer API into assuming that the buffer is
initialized, resulting in unsafe read/writes.

Guarding usermsgs_buf.size assignment with the malloc attempt result
to make the buffer initialization safe against malloc failures.

This partially fixes GH #2130.

It should be backported up to 2.6.
This commit is contained in:
Aurelien DARRAGON 2023-05-11 18:49:14 +02:00 committed by Christopher Faulet
parent 4cc2714ae2
commit d4dba38ab1
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/errors.c
View File

@ -229,7 +229,8 @@ static void usermsgs_put(const struct ist *msg)
/* Allocate the buffer if not already done. */
if (unlikely(b_is_null(&usermsgs_buf))) {
usermsgs_buf.area = malloc(USER_MESSAGES_BUFSIZE * sizeof(char));
usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
if (usermsgs_buf.area)
usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
}
if (likely(!b_is_null(&usermsgs_buf))) {