BUG/MEDIUM: promex: Use right context pointers to dump backends extra-counters

When backends extra counters are dumped, the wrong pointer was used in the
promex context to retrieve the stats module. p[1] must be used instead of
p[2]. Because of this typo, a infinite loop could be experienced if the
output buffer is full during this stage. But in all cases an overflow is
possible leading to a memory corruption.

This patch may be related to issue #2831. It must be backported as far as
3.0.

(cherry picked from commit 91578212d7cef7405f3631db43a086ac9f9ca162)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit ecd012d853de2ac8996bccd6cb8968d56a86ed84)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/addons/promex/service-prometheus.c b/addons/promex/service-prometheus.c
index 5d26733..c449f39 100644 (file)
--- a/addons/promex/service-prometheus.c
+++ b/addons/promex/service-prometheus.c
@@ -982,7 +982,7 @@ static int promex_dump_back_metrics(struct appctx *appctx, struct htx *htx)
        static struct ist prefix = IST("haproxy_backend_");
        struct promex_ctx *ctx = appctx->svcctx;
        struct proxy *px = ctx->p[0];
-       struct stats_module *mod = ctx->p[2];
+       struct stats_module *mod = ctx->p[1];
        struct server *sv;
        struct field val;
        struct channel *chn = sc_ic(appctx_sc(appctx));