haproxy: fixes from upstream

- [PATCH 14/16] BUG/MINOR: http: remove stupid HTTP_METH_NONE entry - [PATCH 15/16] BUG/MAJOR: http: don't call http_send_name_header() - [PATCH 16/16] BUG/MINOR: tools: make str2sa_range() report Signed-off-by: heil <heil@terminal-consulting.de>
2015-09-09 20:49:16 +02:00 · 2015-09-09 20:49:16 +02:00 · 1b9a79c04d
commit 1b9a79c04d
parent 7b74769b07
4 changed files with 164 additions and 1 deletions
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=haproxy
 PKG_VERSION:=1.5.14
-PKG_RELEASE:=13
+PKG_RELEASE:=16
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
--- a/net/haproxy/patches/0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
+++ b/net/haproxy/patches/0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
@ -0,0 +1,78 @@
+From bcd033699c5a4904967652de4980e4f35f17ee34 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 3 Sep 2015 17:15:21 +0200
+Subject: [PATCH 14/16] BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
+
+When converting the "method" fetch to a string, we used to get an empty
+string if the first character was not an upper case. This was caused by
+the lookup function which returns HTTP_METH_NONE when a lookup is not
+possible, and this method being mapped to an empty string in the array.
+
+This is a totally stupid mechanism, there's no reason for having the
+result depend on the first char. In fact the message parser already
+checks that the syntax matches an HTTP token so we can only land there
+with a valid token, hence only HTTP_METH_OTHER should be returned.
+
+This fix should be backported to all actively supported branches.
+(cherry picked from commit b7ce424be2bc9df73a3b971fa9dd6daea0332bf1)
+---
+ include/types/proto_http.h |  1 -
+ src/proto_http.c           | 11 ++++-------
+ 2 files changed, 4 insertions(+), 8 deletions(-)
+
+diff --git a/include/types/proto_http.h b/include/types/proto_http.h
+index a5a5d31..dbce972 100644
+--- a/include/types/proto_http.h
+++ b/include/types/proto_http.h
+@@ -219,7 +219,6 @@ enum {
+ 
+ /* Known HTTP methods */
+ enum http_meth_t {
+-	HTTP_METH_NONE = 0,
+ 	HTTP_METH_OPTIONS,
+ 	HTTP_METH_GET,
+ 	HTTP_METH_HEAD,
+diff --git a/src/proto_http.c b/src/proto_http.c
+index 02dc42b..46694cb 100644
+--- a/src/proto_http.c
+++ b/src/proto_http.c
+@@ -361,12 +361,11 @@ const struct http_method_desc http_methods[26][3] = {
+ 		[0] = {	.meth = HTTP_METH_TRACE   , .len=5, .text="TRACE"   },
+ 	},
+ 	/* rest is empty like this :
+-	 *      [1] = {	.meth = HTTP_METH_NONE    , .len=0, .text=""        },
+	 *      [0] = {	.meth = HTTP_METH_OTHER   , .len=0, .text=""        },
+ 	 */
+ };
+ 
+ const struct http_method_name http_known_methods[HTTP_METH_OTHER] = {
+-	[HTTP_METH_NONE]    = { "",         0 },
+ 	[HTTP_METH_OPTIONS] = { "OPTIONS",  7 },
+ 	[HTTP_METH_GET]     = { "GET",      3 },
+ 	[HTTP_METH_HEAD]    = { "HEAD",     4 },
+@@ -793,8 +792,8 @@ struct chunk *http_error_message(struct session *s, int msgnum)
+ }
+ 
+ /*
+- * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
+- * string), HTTP_METH_OTHER for unknown methods, or the identified method.
+ * returns a known method among HTTP_METH_* or HTTP_METH_OTHER for all unknown
+ * ones.
+  */
+ enum http_meth_t find_http_meth(const char *str, const int len)
+ {
+@@ -810,10 +809,8 @@ enum http_meth_t find_http_meth(const char *str, const int len)
+ 			if (likely(memcmp(str, h->text, h->len) == 0))
+ 				return h->meth;
+ 		};
+-		return HTTP_METH_OTHER;
+ 	}
+-	return HTTP_METH_NONE;
+-
+	return HTTP_METH_OTHER;
+ }
+ 
+ /* Parse the URI from the given transaction (which is assumed to be in request
+-- 
+2.4.6
+
--- a/net/haproxy/patches/0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
+++ b/net/haproxy/patches/0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
@ -0,0 +1,49 @@
+From 3f34b5539e7ba31e44055d853b9ba496e73e0bae Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Mon, 7 Sep 2015 19:32:33 +0200
+Subject: [PATCH 15/16] BUG/MAJOR: http: don't call http_send_name_header()
+ after an error
+
+A crash was reported when using the "famous" http-send-name-header
+directive. This time it's a bit tricky, it requires a certain number of
+conditions to be met including maxconn on a server, queuing, timeout in
+the queue and cookie-based persistence.
+
+The problem is that in stream.c, before calling http_send_name_header(),
+we check a number of conditions to know if we have to replace the header
+name. But prior to reaching this place, it's possible for
+sess_update_stream_int() to fail and change the stream-int's state to
+SI_ST_CLO, send an error 503 to the client, and flush all buffers. But
+http_send_name_header() can only be called with valid buffer contents
+matching the http_msg's description. So when it rewinds the stream to
+modify the header, buf->o becomes negative by the size of the incoming
+request and is used as the argument to memmove() which basically
+displaces 4GB of memory off a few bytes to write the new name, resulting
+in a core and a core file that's really not fun to play with.
+
+The solution obviously consists in refraining from calling this nasty
+function when the stream interface is already closed.
+
+This bug also affects 1.5 and possibly 1.4, so the fix must be backported
+there.
+(cherry picked from commit 9c03b33329cb4924716edc1c851913a18b0670dc)
+---
+ src/session.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/session.c b/src/session.c
+index 6d62e36..7520a85 100644
+--- a/src/session.c
+++ b/src/session.c
+@@ -2293,7 +2293,7 @@ struct task *process_session(struct task *t)
+ 
+ 			/* Now we can add the server name to a header (if requested) */
+ 			/* check for HTTP mode and proxy server_name_hdr_name != NULL */
+-			if ((s->si[1].state >= SI_ST_CON) &&
+			if ((s->si[1].state >= SI_ST_CON) && (s->si[1].state < SI_ST_CLO) &&
+ 			    (s->be->server_id_hdr_name != NULL) &&
+ 			    (s->be->mode == PR_MODE_HTTP) &&
+ 			    objt_server(s->target)) {
+-- 
+2.4.6
+
--- a/net/haproxy/patches/0016-BUG-MINOR-tools-make-str2sa_range-report-unresolvabl.patch
+++ b/net/haproxy/patches/0016-BUG-MINOR-tools-make-str2sa_range-report-unresolvabl.patch
@ -0,0 +1,36 @@
+From 36456071ea34546d98d3b66a696cd4c4c4643de5 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 8 Sep 2015 16:01:25 +0200
+Subject: [PATCH 16/16] BUG/MINOR: tools: make str2sa_range() report
+ unresolvable addresses
+
+If an environment variable is used in an address, and is not set, it's
+silently considered as ":" or "0.0.0.0:0" which is not correct as it
+can hide environment issues and lead to unexpected behaviours. Let's
+report this case when it happens.
+
+This fix should be backported to 1.5.
+(cherry picked from commit 9f69f46d1f1b1d116c00b4b0483c519747f977b7)
+---
+ src/standard.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/standard.c b/src/standard.c
+index f57724c..9299882 100644
+--- a/src/standard.c
+++ b/src/standard.c
+@@ -709,6 +709,11 @@ struct sockaddr_storage *str2sa_range(const char *str, int *low, int *high, char
+ 		goto out;
+ 	}
+ 
+	if (!*str2) {
+		memprintf(err, "'%s' resolves to an empty address (environment variable missing?)\n", str);
+		goto out;
+	}
+
+ 	memset(&ss, 0, sizeof(ss));
+ 
+ 	if (strncmp(str2, "unix@", 5) == 0) {
+-- 
+2.4.6
+