mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-05 13:06:10 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets

Browse Source 
HTTP applets request requires everything initilized by
"http_process_request" (analyzer flag AN_REQ_HTTP_INNER).
The applet will be immediately initilized, but its before
the call of this analyzer.

Due to this problem HTTP applets could be called with uncompletely
initialized http_txn.

This fix must be backported to 1.6.
This commit is contained in:
Thierry FOURNIER 2015-12-20 20:13:14 +01:00 committed by Willy Tarreau
parent d93ea2b603
commit 718e2a73a2
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/hlua.c
View File

@ -6062,6 +6062,17 @@ static enum act_parse_ret action_register_service_http(const char **args, int *c
{
struct hlua_function *fcn = (struct hlua_function *)rule->kw->private;
/* HTTP applets are forbidden in tcp-request rules.
* HTTP applet request requires everything initilized by
* "http_process_request" (analyzer flag AN_REQ_HTTP_INNER).
* The applet will be immediately initilized, but its before
* the call of this analyzer.
*/
if (rule->from != ACT_F_HTTP_REQ) {
memprintf(err, "HTTP applets are forbidden from 'tcp-request' rulesets");
return ACT_RET_PRS_ERR;
}
/* Memory for the rule. */
rule->arg.hlua_rule = calloc(1, sizeof(*rule->arg.hlua_rule));
if (!rule->arg.hlua_rule) {