BUG/MINOR: Fix several leaks of 'log_tag' in init().

We use chunk_initstr() to store the program name as the default log-tag.

If we use the log-tag directive in the config file, this chunk will be
destroyed and replaced. chunk_initstr() sets the chunk size to 0 so we
will free the chunk itself, but not its content.

This happens for a global section and also for a proxy.

We fix this by using chunk_initlen() instead of chunk_initstr().
We also check that the memory allocation was successfull, otherwise we quit.

This fixes github issue #850.
It can be backported as far as 1.9, with minor adjustments to includes.

(cherry picked from commit 7cea6065aca04c91fc5109e581f124a46b2b5242)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 7566bcfa5a1d28e8c9d5f9ca1dfe0ebe791052eb)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/cfgparse-global.c b/src/cfgparse-global.c
index dd37559..ac23448 100644 (file)
--- a/src/cfgparse-global.c
+++ b/src/cfgparse-global.c
@@ -12,6 +12,7 @@
 #include <unistd.h>
 
 #include <common/cfgparse.h>
+#include <common/buf.h>
 #include <proto/compression.h>
 
 /*
@@ -920,7 +921,13 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
                        goto out;
                }
                chunk_destroy(&global.log_tag);
-               chunk_initstr(&global.log_tag, strdup(args[1]));
+               chunk_initlen(&global.log_tag, strdup(args[1]), strlen(args[1]), strlen(args[1]));
+               if (b_orig(&global.log_tag) == NULL) {
+                       chunk_destroy(&global.log_tag);
+                       ha_alert("parsing [%s:%d]: cannot allocate memory for '%s'.\n", file, linenum, args[0]);
+                       err_code |= ERR_ALERT | ERR_FATAL;
+                       goto out;
+               }
        }
        else if (!strcmp(args[0], "spread-checks")) {  /* random time between checks (0-50) */
                if (alertif_too_many_args(1, file, linenum, args, &err_code))

diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 4a3cdb1..f54912f 100644 (file)
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -12,6 +12,7 @@
 #include <unistd.h>
 
 #include <common/cfgparse.h>
+#include <common/buf.h>
 #include <common/uri_auth.h>
 
 #include <types/capture.h>
@@ -3656,7 +3657,13 @@ stats_error_parsing:
                        goto out;
                }
                chunk_destroy(&curproxy->log_tag);
-               chunk_initstr(&curproxy->log_tag, strdup(args[1]));
+               chunk_initlen(&curproxy->log_tag, strdup(args[1]), strlen(args[1]), strlen(args[1]));
+               if (b_orig(&curproxy->log_tag) == NULL) {
+                       chunk_destroy(&curproxy->log_tag);
+                       ha_alert("parsing [%s:%d]: cannot allocate memory for '%s'.\n", file, linenum, args[0]);
+                       err_code |= ERR_ALERT | ERR_FATAL;
+                       goto out;
+               }
        }
        else if (!strcmp(args[0], "log")) { /* "no log" or "log ..." */
                if (!parse_logsrv(args, &curproxy->logsrvs, (kwm == KWM_NO), &errmsg)) {

diff --git a/src/haproxy.c b/src/haproxy.c
index 5609417..e490dc4 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1754,7 +1754,12 @@ static void init(int argc, char **argv)
                progname = tmp + 1;
 
        /* the process name is used for the logs only */
-       chunk_initstr(&global.log_tag, strdup(progname));
+       chunk_initlen(&global.log_tag, strdup(progname), strlen(progname), strlen(progname));
+       if (b_orig(&global.log_tag) == NULL) {
+               chunk_destroy(&global.log_tag);
+               ha_alert("Cannot allocate memory for log_tag.\n");
+               exit(EXIT_FAILURE);
+       }
 
        argc--; argv++;
        while (argc > 0) {