From c44b4fdfef7fb925257e4ff4e931de55eca87f2a Mon Sep 17 00:00:00 2001
From: Eric Salama <esalama@haproxy.com>
Date: Fri, 2 Oct 2020 11:58:19 +0200
Subject: [PATCH] BUG/MINOR: Fix several leaks of 'log_tag' in init().

We use chunk_initstr() to store the program name as the default log-tag.

If we use the log-tag directive in the config file, this chunk will be
destroyed and replaced. chunk_initstr() sets the chunk size to 0 so we
will free the chunk itself, but not its content.

This happens for a global section and also for a proxy.

We fix this by using chunk_initlen() instead of chunk_initstr().
We also check that the memory allocation was successfull, otherwise we quit.

This fixes github issue #850.
It can be backported as far as 1.9, with minor adjustments to includes.

(cherry picked from commit 7cea6065aca04c91fc5109e581f124a46b2b5242)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 7566bcfa5a1d28e8c9d5f9ca1dfe0ebe791052eb)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
---
 src/cfgparse-global.c |    9 ++++++++-
 src/cfgparse-listen.c |    9 ++++++++-
 src/haproxy.c         |    7 ++++++-
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/cfgparse-global.c b/src/cfgparse-global.c
index dd37559..ac23448 100644
--- a/src/cfgparse-global.c
+++ b/src/cfgparse-global.c
@@ -12,6 +12,7 @@
 #include <unistd.h>
 
 #include <common/cfgparse.h>
+#include <common/buf.h>
 #include <proto/compression.h>
 
 /*
@@ -920,7 +921,13 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
 			goto out;
 		}
 		chunk_destroy(&global.log_tag);
-		chunk_initstr(&global.log_tag, strdup(args[1]));
+		chunk_initlen(&global.log_tag, strdup(args[1]), strlen(args[1]), strlen(args[1]));
+		if (b_orig(&global.log_tag) == NULL) {
+			chunk_destroy(&global.log_tag);
+			ha_alert("parsing [%s:%d]: cannot allocate memory for '%s'.\n", file, linenum, args[0]);
+			err_code |= ERR_ALERT | ERR_FATAL;
+			goto out;
+		}
 	}
 	else if (!strcmp(args[0], "spread-checks")) {  /* random time between checks (0-50) */
 		if (alertif_too_many_args(1, file, linenum, args, &err_code))
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 4a3cdb1..f54912f 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -12,6 +12,7 @@
 #include <unistd.h>
 
 #include <common/cfgparse.h>
+#include <common/buf.h>
 #include <common/uri_auth.h>
 
 #include <types/capture.h>
@@ -3656,7 +3657,13 @@ stats_error_parsing:
 			goto out;
 		}
 		chunk_destroy(&curproxy->log_tag);
-		chunk_initstr(&curproxy->log_tag, strdup(args[1]));
+		chunk_initlen(&curproxy->log_tag, strdup(args[1]), strlen(args[1]), strlen(args[1]));
+		if (b_orig(&curproxy->log_tag) == NULL) {
+			chunk_destroy(&curproxy->log_tag);
+			ha_alert("parsing [%s:%d]: cannot allocate memory for '%s'.\n", file, linenum, args[0]);
+			err_code |= ERR_ALERT | ERR_FATAL;
+			goto out;
+		}
 	}
 	else if (!strcmp(args[0], "log")) { /* "no log" or "log ..." */
 		if (!parse_logsrv(args, &curproxy->logsrvs, (kwm == KWM_NO), &errmsg)) {
diff --git a/src/haproxy.c b/src/haproxy.c
index 5609417..e490dc4 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1754,7 +1754,12 @@ static void init(int argc, char **argv)
 		progname = tmp + 1;
 
 	/* the process name is used for the logs only */
-	chunk_initstr(&global.log_tag, strdup(progname));
+	chunk_initlen(&global.log_tag, strdup(progname), strlen(progname), strlen(progname));
+	if (b_orig(&global.log_tag) == NULL) {
+		chunk_destroy(&global.log_tag);
+		ha_alert("Cannot allocate memory for log_tag.\n");
+		exit(EXIT_FAILURE);
+	}
 
 	argc--; argv++;
 	while (argc > 0) {
-- 
1.7.10.4