Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/haproxy/patches/030-BUG-MINOR-http-rules-Remove-buggy-deinit-functions-for-HTTP-rules.patch
Christian Lachner fdaa55a918 haproxy: Update HAProxy to v2.1.2 
- Major version jump from v2.0 to v2.1
- Update haproxy download URL and hash
- Add new patches (see https://www.haproxy.org/bugs/bugs-2.1.2.html)
- Stop building LUA 5.3 in the haproxy build-process and use liblua5.3 as a dependency instead

Signed-off-by: Christian Lachner <gladiac@gmail.com>
2020-02-03 07:54:31 +01:00

133 lines
4.3 KiB
Diff
Raw Blame History

commit ff9be052e36d427df467b4a9b2f0a9b79af481a4
Author: Christopher Faulet <cfaulet@haproxy.com>
Date: Tue Dec 17 11:25:46 2019 +0100
BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
Functions to deinitialize the HTTP rules are buggy. These functions does not
check the action name to release the right part in the arg union. Only few info
are released. For auth rules, the realm is released and there is no problem
here. But the regex <arg.hdr_add.re> is always unconditionally released. So it
is easy to make these functions crash. For instance, with the following rule
HAProxy crashes during the deinit :
http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)]
For now, These functions are simply removed and we rely on the deinit function
used for TCP rules (renamed as deinit_act_rules()). This patch fixes the
bug. But arguments used by actions are not released at all, this part will be
addressed later.
This patch must be backported to all stable versions.
(cherry picked from commit cb5501327c7ece8a9b5b07c9a839419e45d9ee4a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/include/proto/http_rules.h b/include/proto/http_rules.h
index 5e03dd813..608ca5760 100644
--- a/include/proto/http_rules.h
+++ b/include/proto/http_rules.h
@@ -32,8 +32,6 @@ extern struct action_kw_list http_res_keywords;
struct act_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
struct act_rule *parse_http_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
-void free_http_req_rules(struct list *r);
-void free_http_res_rules(struct list *r);
struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, struct proxy *curproxy,
const char **args, char **errmsg, int use_fmt, int dir);
diff --git a/src/haproxy.c b/src/haproxy.c
index a66a184dc..f225a13f8 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2300,14 +2300,14 @@ static void deinit_acl_cond(struct acl_cond *cond)
free(cond);
}
-static void deinit_tcp_rules(struct list *rules)
+static void deinit_act_rules(struct list *rules)
{
- struct act_rule *trule, *truleb;
+ struct act_rule *rule, *ruleb;
- list_for_each_entry_safe(trule, truleb, rules, list) {
- LIST_DEL(&trule->list);
- deinit_acl_cond(trule->cond);
- free(trule);
+ list_for_each_entry_safe(rule, ruleb, rules, list) {
+ LIST_DEL(&rule->list);
+ deinit_acl_cond(rule->cond);
+ free(rule);
}
}
@@ -2452,9 +2452,12 @@ void deinit(void)
free(lf);
}
- deinit_tcp_rules(&p->tcp_req.inspect_rules);
- deinit_tcp_rules(&p->tcp_rep.inspect_rules);
- deinit_tcp_rules(&p->tcp_req.l4_rules);
+ deinit_act_rules(&p->tcp_req.inspect_rules);
+ deinit_act_rules(&p->tcp_rep.inspect_rules);
+ deinit_act_rules(&p->tcp_req.l4_rules);
+ deinit_act_rules(&p->tcp_req.l5_rules);
+ deinit_act_rules(&p->http_req_rules);
+ deinit_act_rules(&p->http_res_rules);
deinit_stick_rules(&p->storersp_rules);
deinit_stick_rules(&p->sticking_rules);
@@ -2556,8 +2559,6 @@ void deinit(void)
free(p->desc);
free(p->fwdfor_hdr_name);
- free_http_req_rules(&p->http_req_rules);
- free_http_res_rules(&p->http_res_rules);
task_destroy(p->task);
pool_destroy(p->req_cap_pool);
@@ -2582,7 +2583,7 @@ void deinit(void)
free(uap->desc);
userlist_free(uap->userlist);
- free_http_req_rules(&uap->http_req_rules);
+ deinit_act_rules(&uap->http_req_rules);
free(uap);
}
diff --git a/src/http_rules.c b/src/http_rules.c
index b790c5ffe..aad771466 100644
--- a/src/http_rules.c
+++ b/src/http_rules.c
@@ -1186,31 +1186,6 @@ struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, st
return NULL;
}
-void free_http_res_rules(struct list *r)
-{
- struct act_rule *tr, *pr;
-
- list_for_each_entry_safe(pr, tr, r, list) {
- LIST_DEL(&pr->list);
- regex_free(pr->arg.hdr_add.re);
- free(pr);
- }
-}
-
-void free_http_req_rules(struct list *r)
-{
- struct act_rule *tr, *pr;
-
- list_for_each_entry_safe(pr, tr, r, list) {
- LIST_DEL(&pr->list);
- if (pr->action == ACT_HTTP_REQ_AUTH)
- free(pr->arg.auth.realm);
-
- regex_free(pr->arg.hdr_add.re);
- free(pr);
- }
-}
-
__attribute__((constructor))
static void __http_rules_init(void)
{
Reference in a new issue View git blame Copy permalink