--- /dev/null
+From a72d39058a7a5d004e0c6b69a91663591bb3bf89 Mon Sep 17 00:00:00 2001
+From: Vincent Bernat <vincent@bernat.im>
+Date: Thu, 19 May 2016 11:15:51 +0200
+Subject: [PATCH 1/4] BUG/MAJOR: fix listening IP address storage for frontends
+
+When compiled with GCC 6, the IP address specified for a frontend was
+ignored and HAProxy was listening on all addresses instead. This is
+caused by an incomplete copy of a "struct sockaddr_storage".
+
+With the GNU Libc, "struct sockaddr_storage" is defined as this:
+
+ struct sockaddr_storage
+ {
+ sa_family_t ss_family;
+ unsigned long int __ss_align;
+ char __ss_padding[(128 - (2 * sizeof (unsigned long int)))];
+ };
+
+Doing an aggregate copy (ss1 = ss2) is different than using memcpy():
+only members of the aggregate have to be copied. Notably, padding can be
+or not be copied. In GCC 6, some optimizations use this fact and if a
+"struct sockaddr_storage" contains a "struct sockaddr_in", the port and
+the address are part of the padding (between sa_family and __ss_align)
+and can be not copied over.
+
+Therefore, we replace any aggregate copy by a memcpy(). There is another
+place using the same pattern. We also fix a function receiving a "struct
+sockaddr_storage" by copy instead of by reference. Since it only needs a
+read-only copy, the function is converted to request a reference.
+
+This is a backport for 1.5 of 6e6158 and 6e46ff1.
+---
+ src/cfgparse.c | 4 ++--
+ src/connection.c | 2 +-
+ src/proto_http.c | 12 ++++++------
+ src/proto_tcp.c | 2 +-
+ 4 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 39abf6b..9331415 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -280,7 +280,7 @@ int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf,
+ }
+
+ /* OK the address looks correct */
+- ss = *ss2;
++ memcpy(&ss, ss2, sizeof(ss));
+
+ for (; port <= end; port++) {
+ l = (struct listener *)calloc(1, sizeof(struct listener));
+@@ -291,7 +291,7 @@ int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf,
+ l->bind_conf = bind_conf;
+
+ l->fd = fd;
+- l->addr = ss;
++ memcpy(&l->addr, &ss, sizeof(ss));
+ l->xprt = &raw_sock;
+ l->state = LI_INIT;
+
+diff --git a/src/connection.c b/src/connection.c
+index dab1c90..09fd04e 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -620,7 +620,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
+ const char pp2_signature[] = PP2_SIGNATURE;
+ int ret = 0;
+ struct proxy_hdr_v2 *hdr = (struct proxy_hdr_v2 *)buf;
+- struct sockaddr_storage null_addr = {0};
++ struct sockaddr_storage null_addr = { .ss_family = 0 };
+ struct sockaddr_storage *src = &null_addr;
+ struct sockaddr_storage *dst = &null_addr;
+ #ifdef USE_OPENSSL
+diff --git a/src/proto_http.c b/src/proto_http.c
+index b3aa4d8..0b13c5e 100644
+--- a/src/proto_http.c
++++ b/src/proto_http.c
+@@ -3220,15 +3220,15 @@ int http_handle_stats(struct session *s, struct channel *req)
+ /* Sets the TOS header in IPv4 and the traffic class header in IPv6 packets
+ * (as per RFC3260 #4 and BCP37 #4.2 and #5.2).
+ */
+-static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos)
++static inline void inet_set_tos(int fd, struct sockaddr_storage *from, int tos)
+ {
+ #ifdef IP_TOS
+- if (from.ss_family == AF_INET)
++ if (from->ss_family == AF_INET)
+ setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+ #endif
+ #ifdef IPV6_TCLASS
+- if (from.ss_family == AF_INET6) {
+- if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr))
++ if (from->ss_family == AF_INET6) {
++ if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)from)->sin6_addr))
+ /* v4-mapped addresses need IP_TOS */
+ setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+ else
+@@ -3366,7 +3366,7 @@ http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct session
+
+ case HTTP_REQ_ACT_SET_TOS:
+ if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
+- inet_set_tos(cli_conn->t.sock.fd, cli_conn->addr.from, rule->arg.tos);
++ inet_set_tos(cli_conn->t.sock.fd, &cli_conn->addr.from, rule->arg.tos);
+ break;
+
+ case HTTP_REQ_ACT_SET_MARK:
+@@ -3563,7 +3563,7 @@ http_res_get_intercept_rule(struct proxy *px, struct list *rules, struct session
+
+ case HTTP_RES_ACT_SET_TOS:
+ if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
+- inet_set_tos(cli_conn->t.sock.fd, cli_conn->addr.from, rule->arg.tos);
++ inet_set_tos(cli_conn->t.sock.fd, &cli_conn->addr.from, rule->arg.tos);
+ break;
+
+ case HTTP_RES_ACT_SET_MARK:
+diff --git a/src/proto_tcp.c b/src/proto_tcp.c
+index cfa62f7..8c06441 100644
+--- a/src/proto_tcp.c
++++ b/src/proto_tcp.c
+@@ -394,7 +394,7 @@ int tcp_connect_server(struct connection *conn, int data, int delack)
+ struct sockaddr_storage sa;
+
+ ret = 1;
+- sa = src->source_addr;
++ memcpy(&sa, &src->source_addr, sizeof(sa));
+
+ do {
+ /* note: in case of retry, we may have to release a previously
+--
+2.7.3
+
--- /dev/null
+From fab41521192c6f62f0284faf53d6ad40955ef3db Mon Sep 17 00:00:00 2001
+From: David CARLIER <devnexen@gmail.com>
+Date: Thu, 24 Mar 2016 09:22:36 +0000
+Subject: [PATCH 2/4] CLEANUP: connection: fix double negation on memcmp()
+
+Nothing harmful in here, just clarify that it applies to the whole
+expression.
+
+(cherry picked from commit 42ff05e2d3d10e8a1e070e66e8883c5eabe196d7)
+(cherry picked from commit c4809151b4c9ccc312cb451e99fd556e867242fc)
+---
+ src/connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/connection.c b/src/connection.c
+index 09fd04e..af18878 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -289,7 +289,7 @@ int conn_recv_proxy(struct connection *conn, int flag)
+ if (trash.len < 9) /* shortest possible line */
+ goto missing;
+
+- if (!memcmp(line, "TCP4 ", 5) != 0) {
++ if (memcmp(line, "TCP4 ", 5) == 0) {
+ u32 src3, dst3, sport, dport;
+
+ line += 5;
+@@ -330,7 +330,7 @@ int conn_recv_proxy(struct connection *conn, int flag)
+ ((struct sockaddr_in *)&conn->addr.to)->sin_port = htons(dport);
+ conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
+ }
+- else if (!memcmp(line, "TCP6 ", 5) != 0) {
++ else if (memcmp(line, "TCP6 ", 5) == 0) {
+ u32 sport, dport;
+ char *src_s;
+ char *dst_s, *sport_s, *dport_s;
+--
+2.7.3
+
--- /dev/null
+From 294c8d2f81847e0e2d26aa0700564ac2f6aaffa6 Mon Sep 17 00:00:00 2001
+From: Thierry Fournier <thierry.fournier@ozon.io>
+Date: Mon, 6 Jun 2016 18:28:05 +0200
+Subject: [PATCH 3/4] BUG/MEDIUM: sticktables: segfault in some configuration
+ error cases
+
+When a stick table is tracked, and another one is used later on the
+configuration, a segfault occurs.
+
+The function "smp_create_src_stkctr" can return a NULL value, and
+its value is not tested, so one other function try to dereference
+a NULL pointer. This patch just add a verification of the NULL
+pointer.
+
+The problem is reproduced with this configuration:
+
+ listen www
+ mode http
+ bind :12345
+ tcp-request content track-sc0 src table IPv4
+ http-request allow if { sc0_inc_gpc0(IPv6) gt 0 }
+ server dummy 127.0.0.1:80
+ backend IPv4
+ stick-table type ip size 10 expire 60s store gpc0
+ backend IPv6
+ stick-table type ipv6 size 10 expire 60s store gpc0
+
+Thank to kabefuna@gmail.com for the bug report.
+
+This patch must be backported in the 1.6 and 1.5 version.
+(cherry picked from commit 6fc340ff07171bb85d11d835fa4158bbdef240a0)
+(cherry picked from commit 4693e2302271252044038c9be38487fb16218e5b)
+---
+ src/session.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/session.c b/src/session.c
+index 4e84803..fbd5094 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -2908,7 +2908,7 @@ smp_fetch_sc_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i
+ smp->flags = SMP_F_VOL_TEST;
+ smp->type = SMP_T_UINT;
+ smp->data.uint = 0;
+- if (stkctr_entry(stkctr) != NULL) {
++ if (stkctr && stkctr_entry(stkctr)) {
+ void *ptr;
+
+ /* First, update gpc0_rate if it's tracked. Second, update its
+--
+2.7.3
+
--- /dev/null
+From cba3bd6e5ce9b0be83c701c3c7a103d01d5b516d Mon Sep 17 00:00:00 2001
+From: Thierry Fournier <thierry.fournier@ozon.io>
+Date: Wed, 1 Jun 2016 13:36:20 +0200
+Subject: [PATCH 4/4] BUG/MINOR: http: add-header: header name copied twice
+
+The header name is copied two time in the buffer. The first copy is a printf-like
+function writing the name and the http separators in the buffer, and the second
+form is a memcopy. This seems to be inherited from some changes. This patch
+removes the printf like, format.
+
+This patch must be backported in 1.6 and 1.5 versions
+(cherry picked from commit 53c1a9b7cb8f3fe79b5492218363b6c0ff608fc1)
+(cherry picked from commit d281d68d3aa010f7e1a635c92ab486f7f2c666b9)
+---
+ src/proto_http.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/proto_http.c b/src/proto_http.c
+index 0b13c5e..8801592 100644
+--- a/src/proto_http.c
++++ b/src/proto_http.c
+@@ -3399,7 +3399,6 @@ http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct session
+
+ case HTTP_REQ_ACT_SET_HDR:
+ case HTTP_REQ_ACT_ADD_HDR:
+- chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
+ memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
+ trash.len = rule->arg.hdr_add.name_len;
+ trash.str[trash.len++] = ':';
+--
+2.7.3
+
projects / feed / packages.git / commitdiff