!119 backport upstream patches

From: @xinghe_1 Reviewed-by: @wu-leilei Signed-off-by: @wu-leilei
2024-03-12 01:07:37 +00:00 · 2024-03-12 01:07:37 +00:00 · 704118a2e1
commit 704118a2e1
parent ce43ece7f8 ad0ec7f79f
3 changed files with 113 additions and 1 deletions
--- a/backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch
+++ b/backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch
@ -0,0 +1,42 @@
+From 6647a2439ba0e88aac2b1bfd313143e68c3b463a Mon Sep 17 00:00:00 2001
+From: Aurelien DARRAGON <adarragon@haproxy.com>
+Date: Fri, 15 Sep 2023 00:42:55 +0200
+Subject: [PATCH] BUG/MINOR: server: add missing free for server->rdr_pfx
+ 
+rdr_pfx was not being free during server cleanup, leading to small memory
+leak when "redir" argument was used on a server line (HTTP only).
+ 
+This should be backported to every stable versions.
+ 
+[For 2.6 and 2.7: the free should be performed in srv_drop() directly.
+ For older versions: free in deinit() function near the free for the
+ cookie string]
+ 
+(cherry picked from commit 2c9bd3ae808872e52c07d7ec1d62f734dcbb6776)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit d2d7fbd1ef16beb525b7b869d48b1519dbe7f4cc)
+[cf: free performed in srv_drop() as expected]
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit 16fe0670060c4aaa26a0961e5fafa4d71fab87cc)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+ 
+Conflict:NA
+Reference:https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=6647a2439ba0e88aac2b1bfd313143e68c3b463a
+---
+ src/server.c |    1 +
+ 1 file changed, 1 insertion(+)
+ 
+diff --git a/src/server.c b/src/server.c
+index 7935668..70d4bc8 100644
+--- a/src/server.c
+++ b/src/server.c
+@@ -2377,6 +2377,7 @@ struct server *srv_drop(struct server *srv)
+ 
+ 	free(srv->id);
+ 	free(srv->cookie);
+	free(srv->rdr_pfx);
+ 	free(srv->hostname);
+ 	free(srv->hostname_dn);
+ 	free((char*)srv->conf.file);
+-- 
+1.7.10.4
--- a/backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch
+++ b/backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch
@ -0,0 +1,61 @@
+From 50bf172a2c4d448145a2061dfbaa5ee2a413874e Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 23 Nov 2023 14:28:14 +0100
+Subject: [PATCH] BUG/MINOR: server: do not leak default-server in defaults
+ sections
+ 
+When a default-server directive is used in a defaults section, it's never
+freed and the "defaults" proxy gets reset without freeing the fields from
+that default-server. Normally there are no allocation there, except for
+the config file location stored in srv->conf.file form an strdup() since
+commit 9394a9444 ("REORG: server: move alert traces in parse_server")
+that appeared in 2.4. In addition, if a "default-server" directive
+appears multiple times in a defaults section, one more entry will be
+leaked per call.
+ 
+This commit addresses this by checking that we don't overwrite the file
+upon multiple calls, and by clearing it when resetting the default proxy.
+This should be backported to 2.4.
+ 
+(cherry picked from commit 53da8bfcb6d3f4918a45fe77347317ad885ba25e)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit 8bb771af10bf68ffb46edba4bb601bd2a79ff5bd)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit 0810c8082b5db901f823b554602702ae52881fc1)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+ 
+Conflict: NA
+Reference: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=50bf172a2c4d448145a2061dfbaa5ee2a413874e
+---
+ src/proxy.c  | 1 +
+ src/server.c | 3 ++-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+ 
+diff --git a/src/proxy.c b/src/proxy.c
+index dea6004ec..8bfe1175c 100644
+--- a/src/proxy.c
+++ b/src/proxy.c
+@@ -1442,6 +1442,7 @@ void proxy_free_defaults(struct proxy *defproxy)
+ 
+ 	ha_free(&defproxy->id);
+ 	ha_free(&defproxy->conf.file);
+	ha_free((char **)&defproxy->defsrv.conf.file);
+ 	ha_free(&defproxy->check_command);
+ 	ha_free(&defproxy->check_path);
+ 	ha_free(&defproxy->cookie_name);
+diff --git a/src/server.c b/src/server.c
+index a927811a9..eb78cc02e 100644
+--- a/src/server.c
+++ b/src/server.c
+@@ -2927,7 +2927,8 @@ int parse_server(const char *file, int linenum, char **args,
+ 	if (err_code & ERR_CODE)
+ 		goto out;
+ 
+-	newsrv->conf.file = strdup(file);
+	if (!newsrv->conf.file) // note: do it only once for default-server
+		newsrv->conf.file = strdup(file);
+ 	newsrv->conf.line = linenum;
+ 
+ 	while (*args[cur_arg]) {
+-- 
+2.33.0
--- a/haproxy.spec
+++ b/haproxy.spec
@ -5,7 +5,7 @@

 Name:             haproxy
 Version:          2.6.6
-Release:          9
+Release:          10
 Summary:          The Reliable, High Performance TCP/HTTP Load Balancer

 License:          GPLv2+
@ -34,6 +34,8 @@ Patch13:          CVE-2023-45539.patch
 Patch14:          backport-errors-handle-malloc-failure-in-usermsgs_put.patch
 Patch15:          backport-ssl_sock-add-check-for-ha_meth.patch
 Patch16:          backport-thread-add-a-check-for-pthread_create.patch
+Patch17:          backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch
+Patch18:          backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch

 BuildRequires:    gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
 %ifarch sw_64
@ -138,6 +140,13 @@ exit 0
 %{_mandir}/man1/*

 %changelog
+* Mon Mar 11 2024 xinghe <xinghe2@h-partners.com> - 2.6.6-10
+- Type:bugfix
+- CVE:NA
+- SUG:restart
+- DESC:server: add missing free for server->rdr_pfx
+       server: do not leak default-server in defaults
+
 * Fri Jan 19 2024 xinghe <xinghe2@h-partners.com> - 2.6.6-9
 - Type:bugfix
 - CVE:NA