upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-06-09 00:32:33 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

BUG/MEDIUM: check: Skip tcpcheck post-config for external checks

Browse source 
When an external check was configured on a backend, the tcpcheck post config
for backend's servers was still performed instead to be skipped. The led to
a NULL-deref on the tcpcheck ruleset pointer and so to a segfault.

It seems to be only an issue for the 3.4 and higher. However, for older
versions, the tcpcheck post-config is still performed for external checks
and it is not really clean. This can hide some bugs.

For the 3.4, a workaround consists in configuring the backend to use a
tcp-check before configuring the external check:

  backend be
    option tcp-check
    option external-check
    ...

This patch should fix the issue #3407. It could be good to backport it to
all supported versions.
This commit is contained in:
Christopher Faulet 2026-06-04 18:43:12 +02:00
parent 7835e1fcbe
commit 6a7b27a0a4
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/check.c
View file

@ -1799,6 +1799,9 @@ int init_srv_check(struct server *srv)
if (!srv->do_check || !(srv->proxy->cap & PR_CAP_BE))
goto out;
if ((srv->proxy->options2 & PR_O2_CHK_ANY) != PR_O2_TCPCHK_CHK)
goto init;
check_type = srv->check.tcpcheck->rs->flags & TCPCHK_RULES_PROTO_CHK;
if (!(srv->flags & SRV_F_DYNAMIC)) {