From 7895726bffb14dd463a969fb8ffaec4ed44ef8b8 Mon Sep 17 00:00:00 2001
From: Aurelien DARRAGON <adarragon@haproxy.com>
Date: Tue, 18 Mar 2025 00:09:59 +0100
Subject: [PATCH] BUG/MINOR: log: prevent saddr NULL deref in
 syslog_io_handler()

In ad0133cc ("MINOR: log: handle log-forward "option host""), we
de-reference saddr without first checking if saddr is NULL. In practise
saddr shouldn't be null, but it may be the case if memory error happens
for tcp syslog handler so we must assume that it can be NULL at some
point.

To fix the bug, we simply check for NULL before de-referencing it
under syslog_io_handler(), as the function comment suggests.

No backport needed unless ad0133cc is.
---
 src/log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/log.c b/src/log.c
index 73da32939..f8e48ca86 100644
--- a/src/log.c
+++ b/src/log.c
@@ -5739,7 +5739,7 @@ static void syslog_process_message(struct proxy *frontend, struct listener *l,
 
 	parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size);
 
-	if (real_family(saddr->ss_family) == AF_UNIX)
+	if (saddr && real_family(saddr->ss_family) == AF_UNIX)
 		saddr = NULL; /* no source information for UNIX addresses */
 
 	/* handle host options */