
Conversation

cosmo0920
Contributor

@cosmo0920 cosmo0920 commented Oct 17, 2025

Closes #10918.


Enter [N/A] in the box if an item is not applicable to your change.

Testing
Before we can approve your change, please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0; by submitting this pull request, I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

  • Bug Fixes
    • Enhanced HTTP connection reliability with improved failure detection and automatic recovery when client initialization encounters issues. Ensures proper resource cleanup during error conditions.


coderabbitai bot commented Oct 17, 2025

Walkthrough

Adds NULL check after flb_http_client() call in the HTTP output plugin. When client creation fails, the code logs an error, frees allocated buffers, releases the TCP connection, and returns FLB_RETRY for proper resource cleanup and retry behavior.

Changes

Cohort / File(s): HTTP Client Null Safety (plugins/out_http/http.c)
Summary: Added defensive NULL check after flb_http_client() call with error logging, buffer cleanup, and connection release on client creation failure

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested labels

backport to v4.0.x

Suggested reviewers

  • edsiper
  • koleini
  • fujimotos

Poem

🐰 A null pointer was lurking about,
So I checked and cleaned up—no doubt!
Free the buffers with care,
Release connections fair,
Now the HTTP plugin won't crash or pout! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
Linked Issues Check ❓ Inconclusive The raw summary clearly demonstrates that the pull request addresses the first objective from issue #10918: adding a NULL check after flb_http_client() to prevent dereferencing a NULL client when client creation fails. However, the summary provides insufficient detail about the other two requirements from the linked issue—specifically whether header strings allocated by extract_headers() are freed on early return paths, and whether client destruction is guarded with a NULL check. The summary mentions freeing "allocated payload buffer" but does not explicitly confirm addressing header string deallocation or client destruction NULL guarding, making it unclear whether all three coding requirements are fully satisfied. To conclusively verify compliance, review the actual code changes to confirm that: (1) the NULL check after flb_http_client() is present, (2) header strings are properly freed on all early return paths from http_request(), and (3) client destruction calls are guarded with NULL checks. This will ensure all three objectives from issue #10918 are fully implemented in the changeset.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title "out_http: Plug a NULL dereference" is concise and clearly communicates the primary change in the pull request. It specifically identifies the component (out_http plugin) and the main fix (plugging a NULL dereference vulnerability). The title directly aligns with the raw summary, which describes defensive handling for failed HTTP client creation that could result in NULL pointer dereference. The phrasing is clear and specific enough for reviewers to quickly understand the nature of the fix.
Out of Scope Changes Check ✅ Passed The changes are focused exclusively on plugins/out_http/http.c within the http_post/http_request function, directly addressing the NULL dereference vulnerability identified in the linked issue #10918. The modifications include defensive handling for HTTP client creation failure with appropriate error logging, resource cleanup (freeing allocated buffers, releasing TCP connections), and retry logic. All changes are directly related to the stated objectives of fixing the NULL dereference and memory management issues in the HTTP output plugin.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d3be337 and 2f83037.

📒 Files selected for processing (1)
  • plugins/out_http/http.c (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
plugins/out_http/http.c (2)
include/fluent-bit/flb_mem.h (1)
  • flb_free (126-128)
src/flb_upstream.c (1)
  • flb_upstream_conn_release (862-947)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (30)
  • GitHub Check: pr-windows-build / call-build-windows-package (Windows 32bit, x86, x86-windows-static, 3.31.6)
  • GitHub Check: pr-windows-build / call-build-windows-package (Windows 64bit, x64, x64-windows-static, 3.31.6)
  • GitHub Check: pr-windows-build / call-build-windows-package (Windows 64bit (Arm64), amd64_arm64, -DCMAKE_SYSTEM_NAME=Windows -DCMA...
  • GitHub Check: pr-compile-without-cxx (3.31.6)
  • GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, clang, clang++, ubuntu-22.04, clang-12)
  • GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, clang, clang++, ubuntu-24.04, clang-14)
  • GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, gcc, g++, ubuntu-22.04, clang-12)
  • GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, gcc, g++, ubuntu-24.04, clang-14)
  • GitHub Check: pr-compile-centos-7
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_ARROW=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_COVERAGE=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, gcc, g++)
  • GitHub Check: PR - fuzzing test
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, clang, clang++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, gcc, g++)
  • GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, clang, clang++)
🔇 Additional comments (1)
plugins/out_http/http.c (1)

181-192: LGTM! Excellent fix for the NULL dereference issue.

This change correctly addresses the crash vulnerability when HTTP client creation fails. The implementation properly handles resource cleanup:

  • Logs a clear error message for debugging
  • Frees the compressed payload buffer only when it was allocated (line 183-185)
  • Releases the upstream TCP connection to prevent resource leaks (line 187-189)
  • Returns FLB_RETRY for appropriate retry behavior on resource exhaustion

The defensive NULL check on u_conn at line 187 is good practice in error paths, even though u_conn was already verified non-NULL at line 135.


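An added example, not code from fluent-bit or from this PR: a self-contained C model of the out_http error path the review above describes (check the client for NULL, free the compressed payload only if this function allocated it, release the upstream connection, return a retry code). The conn/client helpers, the live counters, the fault-injection switch and the FLB_OK/FLB_RETRY values are hypothetical stand-ins for flb_http_client(), flb_upstream_conn_release() and flb_free(); only the control flow mirrors the fix.

```c
/*
 * Added example, not fluent-bit code: a self-contained model of the out_http
 * error path the review describes.  conn/client helpers, counters and the
 * return-code values are hypothetical stand-ins for flb_http_client(),
 * flb_upstream_conn_release() and flb_free(); only the control flow mirrors the fix.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FLB_OK    1   /* illustrative values, not fluent-bit's */
#define FLB_RETRY 2

struct conn   { int fd; };     /* stand-in for the upstream connection */
struct client { char *uri; };  /* stand-in for struct flb_http_client */

/* Instrumentation: live counters let a test prove the error path leaks nothing. */
static int live_allocs = 0;        /* payload buffers outstanding */
static int live_conns  = 0;        /* connections not yet released */
static int fail_client_create = 0; /* fault injection: client_create() returns NULL */

static void *payload_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void  payload_free(void *p)   { if (p) { live_allocs--; free(p); } }

static struct conn *conn_get(void)
{
    struct conn *c = malloc(sizeof *c);
    if (c) { c->fd = 3; live_conns++; }
    return c;
}
static void conn_release(struct conn *c) { if (c) { live_conns--; free(c); } }

/* Models flb_http_client(): NULL when the client cannot be allocated. */
static struct client *client_create(struct conn *u_conn, const char *uri)
{
    (void)u_conn;
    if (fail_client_create) return NULL;
    struct client *cl = malloc(sizeof *cl);
    if (!cl) return NULL;
    size_t n = strlen(uri) + 1;
    cl->uri = malloc(n);
    if (!cl->uri) { free(cl); return NULL; }
    memcpy(cl->uri, uri, n);
    return cl;
}
static void client_destroy(struct client *cl) { if (cl) { free(cl->uri); free(cl); } }

/* Stand-in compressor: returns a fresh buffer the caller must free. */
static char *compress_payload(const char *body, size_t len, size_t *out_len)
{
    char *out = payload_alloc(len);
    if (out) { memcpy(out, body, len); *out_len = len; }
    return out;
}

/*
 * Hardened request path.  Before the fix the code went straight from
 *     c = client_create(u_conn, "/");
 * to using c, so a NULL return was dereferenced and the compressed payload
 * and the connection were never given back.
 */
static int http_post(const char *body, size_t body_len, int compress)
{
    struct conn *u_conn = conn_get();
    if (!u_conn) return FLB_RETRY;

    char  *payload = (char *)body;
    size_t payload_len = body_len;
    int    compressed = 0;

    if (compress) {
        payload = compress_payload(body, body_len, &payload_len);
        if (!payload) { conn_release(u_conn); return FLB_RETRY; }
        compressed = 1;
    }

    struct client *c = client_create(u_conn, "/");
    if (!c) {
        fprintf(stderr, "[out_http] could not create HTTP client\n");
        if (compressed) payload_free(payload);   /* free only what we allocated */
        conn_release(u_conn);                    /* hand the connection back */
        return FLB_RETRY;                        /* transient failure: retry the chunk */
    }

    /* headers and the actual send would go here; elided in this model */
    (void)payload_len;

    client_destroy(c);
    if (compressed) payload_free(payload);
    conn_release(u_conn);
    return FLB_OK;
}

int main(void)
{
    const char *msg = "{\"log\":\"hello\"}";   /* constructed sample record */
    fail_client_create = 1;
    int rc = http_post(msg, strlen(msg), 1);
    printf("creation fails: rc=%d live_allocs=%d live_conns=%d\n", rc, live_allocs, live_conns);
    fail_client_create = 0;
    rc = http_post(msg, strlen(msg), 1);
    printf("creation ok:    rc=%d live_allocs=%d live_conns=%d\n", rc, live_allocs, live_conns);
    return 0;
}
```

The counters are the check a reviewer would want for the linked issue's second point: with the fault switch on, the function must return the retry code and leave both counters at zero, which is exactly what Valgrind would otherwise have to confirm on the real plugin.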



Development

Successfully merging this pull request may close these issues.

Fix NULL dereference and memory leak in HTTP output plugin

1 participant