RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
haproxy public development tree
16,253 Commits 20 Branches 369 Tags 206 MiB
C 98.1%
Shell 0.8%
Makefile 0.6%
Python 0.2%
Lua 0.1%
Go to file
Willy Tarreau 266d540549 BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch 
A subtle change of target address allocation was introduced with commit
68cf3959b ("MINOR: backend: rewrite alloc of stream target address") in
2.4. Prior to this patch, a target address was allocated by function
assign_server_address() only if none was previously allocated. After
the change, the allocation became unconditional. Most of the time it
makes no difference, except when we pass multiple times through
connect_server() with SF_ADDR_SET cleared.

The most obvious fix would be to avoid allocating that address there
when already set, but the root cause is that since introduction of
dynamically allocated addresses, the SF_ADDR_SET flag lies. It can
be cleared during redispatch or during a queue redistribution without
the address being released.

This patch instead gives back all its correct meaning to SF_ADDR_SET
and guarantees that when not set no address is allocated, by freeing
that address at the few places the flag is cleared. The flag could
even be removed so that only the address is checked but that would
require to touch many areas for no benefit.

The easiest way to test it is to send requests to a proxy with l7
retries enabled, which forwards to a server returning 500:

  defaults
    mode http
    timeout client 1s
    timeout server 1s
    timeout connect 1s
    retry-on all-retryable-errors
    retries 1
    option redispatch

  listen proxy
    bind *:5000
    server app 0.0.0.0:5001

  frontend dummy-app
    bind :5001
    http-request return status 500

Issuing "show pools" on the CLI will show that pool "sockaddr" grows
as requests are redispatched, and remains stable with the fix. Even
"ps" will show that the process' RSS grows by ~160B per request.

This fix will need to be backported to 2.4. Note that before 2.5,
there's no strm->si[1].dst, strm->target_addr must be used instead.

This addresses github issue #1499. Special thanks to Daniil Leontiev
for providing a well-documented reproducer.
 		2021-12-24 11:50:01 +01:00
.github CI: github actions: add the output of $CC -dM -E- 2021-11-26 17:58:42 +01:00
addons MINOR: promex: backend aggregated server check status 2021-11-09 10:51:08 +01:00
admin OPTIM: halog: skip fields 64 bits at a time when supported 2021-11-08 12:08:26 +01:00
dev Revert "DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_strncat()`" 2021-11-08 13:42:03 +01:00
doc DOC: fix misspelled keyword "resolve_retries" in resolvers 2021-12-21 08:27:52 +01:00
examples
include BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch 2021-12-24 11:50:01 +01:00
reg-tests REGTESTS: vars: Remove useless ssl tunes from conditional set-var test 2021-12-20 11:41:13 +01:00
scripts BUILD: SSL: add quictls build to scripts/build-ssl.sh 2021-11-20 08:17:22 +01:00
src BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch 2021-12-24 11:50:01 +01:00
tests CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
.cirrus.yml
.gitattributes
.gitignore
.mailmap DOC: update Tim's address in .mailmap 2021-09-16 09:14:14 +02:00
.travis.yml
BRANCHES
CHANGELOG [RELEASE] Released version 2.6-dev0 2021-11-23 15:50:11 +01:00
CONTRIBUTING CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
INSTALL MINOR: version: it's development again 2021-11-23 15:48:35 +01:00
LICENSE
MAINTAINERS
Makefile BUILD: makefile: reorder objects by build time 2021-11-19 11:24:33 +01:00
README
ROADMAP
SUBVERS
VERDATE [RELEASE] Released version 2.5.0 2021-11-23 15:40:21 +01:00
VERSION [RELEASE] Released version 2.6-dev0 2021-11-23 15:50:11 +01:00

README 

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for :

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory :

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)