RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-03 02:32:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage

Browse Source 
As reported by Coverity in GH #2253, stktable_data_ptr() usage in
hlua_stktable_dump() func is potentially unsafe because
stktable_data_ptr() may return NULL and the returned value is
dereferenced as-is without precautions.

In practise, this should not happen because some error checking was
already performed prior to calling stktable_data_ptr(). But since we're
using the safe stktable_data_ptr() function, all the error checking is
already done within the function, thus all we need to do is check ptr
against NULL instead to protect against NULL dereferences.

This should be backported in every stable versions.
This commit is contained in:
Aurelien DARRAGON 2023-08-22 11:03:06 +02:00 committed by William Lallemand
parent 28e94c6192
commit ee1891ccbe
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/hlua_fcn.c
View File

@ -859,12 +859,12 @@ static void hlua_stktable_entry(lua_State *L, struct stktable *t, struct stksess
for (dt = 0; dt < STKTABLE_DATA_TYPES; dt++) {
if (t->data_ofs[dt] == 0)
ptr = stktable_data_ptr(t, ts, dt);
if (!ptr)
continue;
lua_pushstring(L, stktable_data_types[dt].name);
ptr = stktable_data_ptr(t, ts, dt);
switch (stktable_data_types[dt].std_type) {
case STD_T_SINT:
lua_pushinteger(L, stktable_data_cast(ptr, std_t_sint));
@ -1056,10 +1056,9 @@ int hlua_stktable_dump(lua_State *L)
/* multi condition/value filter */
skip_entry = 0;
for (i = 0; i < filter_count; i++) {
if (t->data_ofs[filter[i].type] == 0)
continue;
ptr = stktable_data_ptr(t, ts, filter[i].type);
if (!ptr)
continue;
switch (stktable_data_types[filter[i].type].std_type) {
case STD_T_SINT: