BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status

Since commit 13a9232eb ("MEDIUM: dns: use Additional records from SRV
responses"), a struct server can have a NULL dns_requester->resolution,
when SRV records are used and DNS answers contain an Additional section.

This is a problem when we call snr_update_srv_status() because it does
not check that resolution is NULL, and dereferences it. This patch
simply adds a test for resolution being NULL. When that happens, it means
we are using SRV records with Additional records, and an entry was removed.

This should fix issue #775.
This should be backported to 2.2.

(cherry picked from commit 012261ab34e2423df983c502b43b304f84b71c9e)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 7e7cb73d019c3907dcf74159c91b8f31e9c994d4)
[cf: Must be backported as far as 2.0 because of recent changes on resolvers]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/server.c b/src/server.c
index d0fa86e..8f2398f 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -3983,6 +3983,15 @@ int snr_update_srv_status(struct server *s, int has_no_ip)
        struct dns_resolution *resolution = s->dns_requester->resolution;
        int exp;
 
+       /* If resolution is NULL we're dealing with SRV records Additional records */
+       if (resolution == NULL) {
+               if (s->next_admin & SRV_ADMF_RMAINT)
+                       return 1;
+
+               srv_set_admin_flag(s, SRV_ADMF_RMAINT, "entry removed from SRV record");
+               return 0;
+       }
+
        switch (resolution->status) {
                case RSLV_STATUS_NONE:
                        /* status when HAProxy has just (re)started.