40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
From d4dba38ab101eee4cbd0c8d8aa21181825ef6472 Mon Sep 17 00:00:00 2001
|
|
From: Aurelien DARRAGON <adarragon@haproxy.com>
|
|
Date: Thu, 11 May 2023 18:49:14 +0200
|
|
Subject: [PATCH] BUG/MINOR: errors: handle malloc failure in usermsgs_put()
|
|
|
|
usermsgs_buf.size is set without first checking if previous malloc
|
|
attempt succeeded.
|
|
|
|
This could fool the buffer API into assuming that the buffer is
|
|
initialized, resulting in unsafe read/writes.
|
|
|
|
Guarding usermsgs_buf.size assignment with the malloc attempt result
|
|
to make the buffer initialization safe against malloc failures.
|
|
|
|
This partially fixes GH #2130.
|
|
|
|
It should be backported up to 2.6.
|
|
|
|
Conflict:NA
|
|
Reference:https://github.com/haproxy/haproxy/commit/d4dba38ab101eee4cbd0c8d8aa21181825ef6472
|
|
|
|
---
|
|
src/errors.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/errors.c b/src/errors.c
|
|
index 2e9d6afb7e04..5913cb1d509d 100644
|
|
--- a/src/errors.c
|
|
+++ b/src/errors.c
|
|
@@ -229,7 +229,8 @@ static void usermsgs_put(const struct ist *msg)
|
|
/* Allocate the buffer if not already done. */
|
|
if (unlikely(b_is_null(&usermsgs_buf))) {
|
|
usermsgs_buf.area = malloc(USER_MESSAGES_BUFSIZE * sizeof(char));
|
|
- usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
|
|
+ if (usermsgs_buf.area)
|
|
+ usermsgs_buf.size = USER_MESSAGES_BUFSIZE;
|
|
}
|
|
|
|
if (likely(!b_is_null(&usermsgs_buf))) {
|