Crash in validate on Redis cluster.lb_endpoints in v1.25

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately.

Title: Crash in validate on Redis cluster.endpoints in v1.25

Description: We’ve identified a crash that occurs in validate mode (and only validate mode) when a cluster includes a load_assignment.endpoints for clustered redis. There appears to be no issue when mode is set to ‘serve’.

We’ve tested this case in various versions (1.24, 1.23) and it appears to have been introduced in 1.25 and remains present in all current 1.25 releases. Commenting out the endpoints block returns with “OK” status.

     load_assignment:
        cluster_name: clustered_redis
        # endpoints:
        #   - lb_endpoints:
        #       - endpoint:
        #           address:
        #             socket_address:
        #               address: redis
        #               port_value: 6379

Repro steps:

Admin and Stats Output:

Config:

Envoy.yaml

static_resources:
  clusters:
    - name: clustered_redis
      connect_timeout: 5s
      lb_policy: CLUSTER_PROVIDED
      dns_lookup_family: V4_ONLY
      cluster_type:
        name: envoy.clusters.redis
        typed_config:
          "@type": type.googleapis.com/google.protobuf.Struct
          value:
            cluster_refresh_rate: 10s
            cluster_refresh_timeout: 3s
            redirect_refresh_interval: 5s
            redirect_refresh_threshold: 5
      load_assignment:
        cluster_name: clustered_redis
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: redis
                      port_value: 6379
      typed_extension_protocol_options:
        envoy.filters.network.redis_proxy:
          "@type": type.googleapis.com/google.protobuf.Struct
          value:
            auth_password:
              inline_string: test

Dockerfile:

FROM envoyproxy/envoy:v1.25.1
# FROM envoyproxy/envoy:v1.24.2

COPY envoy.yaml /etc/envoy/envoy.yaml

CMD ["envoy", "-c", "/etc/envoy/envoy.yaml", "--mode", "validate"]

docker-compose.yaml

services:
  test:
    build:
      context: .
      dockerfile: Dockerfile
    depends_on:
      - redis
    ports:
      - "6379:6379"
  redis:
    container_name: redis
    image: redis:alpine
    command: redis-server --requirepass test --cluster-enabled yes
    ports:
      - "6379:6379"
    volumes:
      - ./redis.conf:/usr/local/etc/redis/redis.conf

Logs:

[2023-02-27 19:25:58.339][1][info][main] [source/server/server.cc:819] runtime: {}
[2023-02-27 19:25:58.339][1][info][config] [source/server/configuration_impl.cc:131] loading tracing configuration
[2023-02-27 19:25:58.339][1][info][config] [source/server/configuration_impl.cc:91] loading 0 static secret(s)
[2023-02-27 19:25:58.339][1][info][config] [source/server/configuration_impl.cc:97] loading 1 cluster(s)
[2023-02-27 19:25:58.341][1][info][config] [source/server/configuration_impl.cc:101] loading 0 listener(s)
[2023-02-27 19:25:58.341][1][info][config] [source/server/configuration_impl.cc:113] loading stats configuration
configuration '/etc/envoy/envoy.yaml' OK
[2023-02-27 19:25:58.341][1][critical][backtrace] [./source/server/backtrace.h:104] Caught Segmentation fault, suspect faulting address 0x258
[2023-02-27 19:25:58.341][1][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers):
[2023-02-27 19:25:58.341][1][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: bae2e9d642a6a8ae6c5d3810f77f3e888f0d97da/1.25.1/Clean/RELEASE/BoringSSL
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:96] #0: __kernel_rt_sigreturn [0xffff8659b790]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #1: [0xaaaadf4e86f8]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #2: [0xaaaadf778184]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #3: [0xaaaadf777fc4]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #4: [0xaaaadfae962c]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #5: [0xaaaadfae880c]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #6: [0xaaaadf777cec]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #7: [0xaaaade07bfb0]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #8: [0xaaaadf410dac]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #9: [0xaaaadf40ff80]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #10: [0xaaaade72e858]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #11: [0xaaaade734774]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #12: [0xaaaade72d674]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #13: [0xaaaadf40f0ac]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #14: [0xaaaade077d98]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #15: [0xaaaadf4f00a8]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #16: [0xaaaadf48c9a8]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #17: [0xaaaadf48c4dc]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #18: [0xaaaadf47d234]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #19: [0xaaaaddfe2edc]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #20: [0xaaaaddfe36d8]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:98] #21: [0xaaaaddfe113c]
[2023-02-27 19:25:58.342][1][critical][backtrace] [./source/server/backtrace.h:96] #22: __libc_start_main [0xffff86310e10]

Call Stack:

envoyproxy / envoy

Crash in validate on Redis cluster.lb_endpoints in v1.25 #25799