From 9475e69920f04174496caf71fcabf6e72824f5c2 Mon Sep 17 00:00:00 2001 From: Alexander Stephan Date: Thu, 25 Jun 2026 09:02:06 +0000 Subject: [PATCH] BUG/MINOR: sample: set SMP_F_CONST on srv_name fetch smp_fetch_srv_name() stored a raw pointer to srv->id in the sample without setting SMP_F_CONST. Every other sibling id-pointer fetch (smp_fetch_be_name on px->id, smp_fetch_fe_name on fe->id, the SSL helpers using OBJ_nid2sn() / SSL_get_cipher_name(), etc.) correctly sets SMP_F_CONST to prevent in-place mutation by converters such as ,upper / ,lower / ,regsub. Without SMP_F_CONST, an expression like srv_name,lower would write into srv->id for the lifetime of the process. In practice this has gone unnoticed because srv->id is a private allocation that is never read back by name, but the bug is real and the divergence from the other id fetches is unintentional. This becomes more important with the introduction of runtime server renaming (next patch in series): SMP_F_CONST ensures that callers go through smp_make_rw() / smp_dup() before mutating, isolating the sample's bytes from the server's id storage. This is a stand-alone fix and should be backported. --- src/backend.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/backend.c b/src/backend.c index efa90af98..d04466eea 100644 --- a/src/backend.c +++ b/src/backend.c @@ -3505,6 +3505,7 @@ smp_fetch_srv_name(const struct arg *args, struct sample *smp, const char *kw, v return 0; smp->data.type = SMP_T_STR; + smp->flags = SMP_F_CONST; smp->data.u.str.data = strlen(smp->data.u.str.area); return 1; -- 2.47.3