From 2a56c5e1c3d9dc21df3cdaf6321c24c753154cd7 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Mon, 15 Mar 2010 16:13:29 +0100 Subject: [PATCH] [BUG] don't merge anonymous ACLs ! The new anonymous ACL feature was buggy. If several ones are declared, the first rule is always matched because all of them share the same internal name (".noname"). Now we simply declare them with an empty name and ensure that we disable any merging when the name is empty. --- src/acl.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/acl.c b/src/acl.c index c6c7484a3..be752b069 100644 --- a/src/acl.c +++ b/src/acl.c @@ -767,7 +767,8 @@ struct acl *prune_acl(struct acl *acl) { /* Parse an ACL with the name starting at [0], and with a list of already * known ACLs in . If the ACL was not in the list, it will be added. - * A pointer to that ACL is returned. + * A pointer to that ACL is returned. If the ACL has an empty name, then it's + * an anonymous one and it won't be merged with any other one. * * args syntax: */ @@ -778,7 +779,7 @@ struct acl *parse_acl(const char **args, struct list *known_acl) struct acl_expr *acl_expr; char *name; - if (invalid_char(*args)) + if (**args && invalid_char(*args)) goto out_return; acl_expr = parse_acl_expr(args + 1); @@ -797,7 +798,11 @@ struct acl *parse_acl(const char **args, struct list *known_acl) " match and the pattern to make this warning message disappear.\n", args[0], args[1], args[2]); - cur_acl = find_acl_by_name(args[0], known_acl); + if (*args[0]) + cur_acl = find_acl_by_name(args[0], known_acl); + else + cur_acl = NULL; + if (!cur_acl) { name = strdup(args[0]); if (!name) @@ -980,7 +985,7 @@ struct acl_cond *parse_acl_cond(const char **args, struct list *known_acl, int p if (!args_new) goto out_free_suite; - args_new[0] = ".noname"; + args_new[0] = ""; memcpy(args_new + 1, args + arg + 1, (arg_end - arg) * sizeof(*args_new)); args_new[arg_end - arg] = ""; cur_acl = parse_acl(args_new, known_acl);