diff --git a/backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch b/backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch new file mode 100644 index 0000000000000000000000000000000000000000..9f104459ce9b656ad41a0c9c7775ee86d2e6a9ae --- /dev/null +++ b/backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch @@ -0,0 +1,42 @@ +From 6647a2439ba0e88aac2b1bfd313143e68c3b463a Mon Sep 17 00:00:00 2001 +From: Aurelien DARRAGON +Date: Fri, 15 Sep 2023 00:42:55 +0200 +Subject: [PATCH] BUG/MINOR: server: add missing free for server->rdr_pfx + +rdr_pfx was not being free during server cleanup, leading to small memory +leak when "redir" argument was used on a server line (HTTP only). + +This should be backported to every stable versions. + +[For 2.6 and 2.7: the free should be performed in srv_drop() directly. + For older versions: free in deinit() function near the free for the + cookie string] + +(cherry picked from commit 2c9bd3ae808872e52c07d7ec1d62f734dcbb6776) +Signed-off-by: Christopher Faulet +(cherry picked from commit d2d7fbd1ef16beb525b7b869d48b1519dbe7f4cc) +[cf: free performed in srv_drop() as expected] +Signed-off-by: Christopher Faulet +(cherry picked from commit 16fe0670060c4aaa26a0961e5fafa4d71fab87cc) +Signed-off-by: Christopher Faulet + +Conflict:NA +Reference:https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=6647a2439ba0e88aac2b1bfd313143e68c3b463a +--- + src/server.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/server.c b/src/server.c +index 7935668..70d4bc8 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -2377,6 +2377,7 @@ struct server *srv_drop(struct server *srv) + + free(srv->id); + free(srv->cookie); ++ free(srv->rdr_pfx); + free(srv->hostname); + free(srv->hostname_dn); + free((char*)srv->conf.file); +-- +1.7.10.4 \ No newline at end of file diff --git a/backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch b/backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch new file mode 100644 index 0000000000000000000000000000000000000000..f8fd25a76c59fc8cd3570005d2b56e4a838270ee --- /dev/null +++ b/backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch @@ -0,0 +1,61 @@ +From 50bf172a2c4d448145a2061dfbaa5ee2a413874e Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Thu, 23 Nov 2023 14:28:14 +0100 +Subject: [PATCH] BUG/MINOR: server: do not leak default-server in defaults + sections + +When a default-server directive is used in a defaults section, it's never +freed and the "defaults" proxy gets reset without freeing the fields from +that default-server. Normally there are no allocation there, except for +the config file location stored in srv->conf.file form an strdup() since +commit 9394a9444 ("REORG: server: move alert traces in parse_server") +that appeared in 2.4. In addition, if a "default-server" directive +appears multiple times in a defaults section, one more entry will be +leaked per call. + +This commit addresses this by checking that we don't overwrite the file +upon multiple calls, and by clearing it when resetting the default proxy. +This should be backported to 2.4. + +(cherry picked from commit 53da8bfcb6d3f4918a45fe77347317ad885ba25e) +Signed-off-by: Christopher Faulet +(cherry picked from commit 8bb771af10bf68ffb46edba4bb601bd2a79ff5bd) +Signed-off-by: Christopher Faulet +(cherry picked from commit 0810c8082b5db901f823b554602702ae52881fc1) +Signed-off-by: Christopher Faulet + +Conflict: NA +Reference: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=50bf172a2c4d448145a2061dfbaa5ee2a413874e +--- + src/proxy.c | 1 + + src/server.c | 3 ++- + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/proxy.c b/src/proxy.c +index dea6004ec..8bfe1175c 100644 +--- a/src/proxy.c ++++ b/src/proxy.c +@@ -1442,6 +1442,7 @@ void proxy_free_defaults(struct proxy *defproxy) + + ha_free(&defproxy->id); + ha_free(&defproxy->conf.file); ++ ha_free((char **)&defproxy->defsrv.conf.file); + ha_free(&defproxy->check_command); + ha_free(&defproxy->check_path); + ha_free(&defproxy->cookie_name); +diff --git a/src/server.c b/src/server.c +index a927811a9..eb78cc02e 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -2927,7 +2927,8 @@ int parse_server(const char *file, int linenum, char **args, + if (err_code & ERR_CODE) + goto out; + +- newsrv->conf.file = strdup(file); ++ if (!newsrv->conf.file) // note: do it only once for default-server ++ newsrv->conf.file = strdup(file); + newsrv->conf.line = linenum; + + while (*args[cur_arg]) { +-- +2.33.0 \ No newline at end of file diff --git a/haproxy.spec b/haproxy.spec index 25215fb2d70559ad0f0a97dd5360f6b883c3388e..93d2af628eb34b0c677a449212cc29851206cf65 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -5,7 +5,7 @@ Name: haproxy Version: 2.6.6 -Release: 9 +Release: 10 Summary: The Reliable, High Performance TCP/HTTP Load Balancer License: GPLv2+ @@ -34,6 +34,8 @@ Patch13: CVE-2023-45539.patch Patch14: backport-errors-handle-malloc-failure-in-usermsgs_put.patch Patch15: backport-ssl_sock-add-check-for-ha_meth.patch Patch16: backport-thread-add-a-check-for-pthread_create.patch +Patch17: backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch +Patch18: backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic %ifarch sw_64 @@ -138,6 +140,13 @@ exit 0 %{_mandir}/man1/* %changelog +* Mon Mar 11 2024 xinghe - 2.6.6-10 +- Type:bugfix +- CVE:NA +- SUG:restart +- DESC:server: add missing free for server->rdr_pfx + server: do not leak default-server in defaults + * Fri Jan 19 2024 xinghe - 2.6.6-9 - Type:bugfix - CVE:NA