From: Jerome Magnin Date: Tue, 28 Jul 2020 11:38:22 +0000 (+0200) Subject: BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=852aca0c562de04f22601e3183e4d76ae9d1fcc9;p=haproxy-2.1.git BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status Since commit 13a9232eb ("MEDIUM: dns: use Additional records from SRV responses"), a struct server can have a NULL dns_requester->resolution, when SRV records are used and DNS answers contain an Additional section. This is a problem when we call snr_update_srv_status() because it does not check that resolution is NULL, and dereferences it. This patch simply adds a test for resolution being NULL. When that happens, it means we are using SRV records with Additional records, and an entry was removed. This should fix issue #775. This should be backported to 2.2. (cherry picked from commit 012261ab34e2423df983c502b43b304f84b71c9e) Signed-off-by: Christopher Faulet (cherry picked from commit 7e7cb73d019c3907dcf74159c91b8f31e9c994d4) [cf: Must be backported as far as 2.0 because of recent changes on resolvers] Signed-off-by: Christopher Faulet --- diff --git a/src/server.c b/src/server.c index d0fa86e..8f2398f 100644 --- a/src/server.c +++ b/src/server.c @@ -3983,6 +3983,15 @@ int snr_update_srv_status(struct server *s, int has_no_ip) struct dns_resolution *resolution = s->dns_requester->resolution; int exp; + /* If resolution is NULL we're dealing with SRV records Additional records */ + if (resolution == NULL) { + if (s->next_admin & SRV_ADMF_RMAINT) + return 1; + + srv_set_admin_flag(s, SRV_ADMF_RMAINT, "entry removed from SRV record"); + return 0; + } + switch (resolution->status) { case RSLV_STATUS_NONE: /* status when HAProxy has just (re)started.
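Review bot: the new guard in snr_update_srv_status() tests only `resolution`, while the initializer directly above it, `struct dns_resolution *resolution = s->dns_requester->resolution;`, still dereferences `s->dns_requester` with no check. If every caller guarantees a non-NULL requester, say so in a comment next to the initializer; otherwise test `s->dns_requester` before reading `->resolution`, so the same class of crash cannot come back one level up. The added comment, "we're dealing with SRV records Additional records", is also hard to parse. Something like "resolution is NULL when the address came from the Additional section of an SRV response and the entry was removed" would match the commit message. Finally, the two early exits return 1 when `SRV_ADMF_RMAINT` is already set and 0 after setting it, and nothing in the hunk says what those values mean to the caller. A short note on the return convention would let a reader confirm they agree with the returns in the existing `switch (resolution->status)` paths.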