From f88f162868df9053ca71e3be0628221c36153d9a Mon Sep 17 00:00:00 2001 From: Aurelien DARRAGON Date: Tue, 8 Oct 2024 11:42:14 +0200 Subject: [PATCH] BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() To execute sample fetches and converters from lua. hlua API leverages the sample API. Prior to executing the sample func, the arg checker is called from hlua_run_sample_{fetch,conv}() to detect potential errors. However, hlua_run_sample_{fetch,conv}() both pass NULL as argument, but it is wrong for two reasons. First we miss an opportunity to report precise error messages to help the user know what went wrong during the check.. and more importantly, some val check functions consider that the pointer is never NULL. This is the case for example with check_crypto_hmac(). Because of this, when such val check functions encounter an error, they will crash the process because they will try to de-reference NULL. This bug was discovered and reported by GH user @JB0925 on #2745. Perhaps val check functions should make sure that the provided pointer is != NULL prior to de-referencing it. But since there are multiple occurences found in the code and the API isn't clear about that, it is easier to fix the hlua part (caller) for now. To fix the issue, let's always provide a valid pointer when leveraging val_arg() check function pointer, and make use of it in case or error to report relevant message to the user before freeing it. It should be backported to all stable versions. --- src/hlua.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/hlua.c b/src/hlua.c index eab77324ca4d..89c26981c8eb 100644 --- a/src/hlua.c +++ b/src/hlua.c @@ -4816,6 +4816,7 @@ __LJMP static int hlua_run_sample_fetch(lua_State *L) { struct hlua_smp *hsmp; struct sample_fetch *f; + char *errmsg = NULL; struct arg args[ARGM_NBARGS + 1] = {{0}}; int i; struct sample smp; @@ -4847,8 +4848,9 @@ __LJMP static int hlua_run_sample_fetch(lua_State *L) MAY_LJMP(hlua_lua2arg_check(L, 2, args, f->arg_mask, hsmp->p)); /* Run the special args checker. */ - if (f->val_args && !f->val_args(args, NULL)) { - hlua_pushfstring_safe(L, "error in arguments"); + if (f->val_args && !f->val_args(args, &errmsg)) { + hlua_pushfstring_safe(L, "error in arguments: %s", errmsg); + ha_free(&errmsg); goto error; } @@ -4938,6 +4940,7 @@ __LJMP static int hlua_run_sample_conv(lua_State *L) { struct hlua_smp *hsmp; struct sample_conv *conv; + char *errmsg = NULL; struct arg args[ARGM_NBARGS + 1] = {{0}}; int i; struct sample smp; @@ -4961,8 +4964,9 @@ __LJMP static int hlua_run_sample_conv(lua_State *L) MAY_LJMP(hlua_lua2arg_check(L, 3, args, conv->arg_mask, hsmp->p)); /* Run the special args checker. */ - if (conv->val_args && !conv->val_args(args, conv, "", 0, NULL)) { - hlua_pusherror(L, "error in arguments"); + if (conv->val_args && !conv->val_args(args, conv, "", 0, &errmsg)) { + hlua_pushfstring_safe(L, "error in arguments: %s", errmsg); + ha_free(&errmsg); goto error; }