From 79c412b67380c0e316863b060d31980b5fa3deb6 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Wed, 30 Oct 2013 19:30:32 +0100
Subject: [PATCH] BUG/MEDIUM: acl: do not evaluate next terms after a miss
When a condition does something like : action if A B C || D E F If B returns a miss (can't tell true or false), C must not be evaluated. This is important when C has a side effect (eg: sc*_inc_gpc0). However the second part after the || can still be evaluated.
---
 src/acl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/acl.c b/src/acl.c
index e6cbd306a..4d7216f17 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1779,8 +1779,8 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v
 suite_res &= acl_res;
- /* we're ANDing these terms, so a single FAIL is enough */
- if (suite_res == ACL_PAT_FAIL)
+ /* we're ANDing these terms, so a single FAIL or MISS is enough */
+ if (suite_res != ACL_PAT_PASS)
 break;
 }
 cond_res |= suite_res;
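Review bot: The new comment above `if (suite_res != ACL_PAT_PASS)` says a single MISS "is enough", but a MISS does not decide the AND. Per the commit message, the loop stops there so that later terms with side effects (counters such as sc*_inc_gpc0) do not run on an undetermined result. The comment should state that reason, for example `/* stop at the first FAIL or MISS: later terms may have side effects and must not run until this term is known */`. The test also assumes that `suite_res &= acl_res` can only yield FAIL, MISS or PASS, which depends on the ACL_PAT_* encoding defined outside this hunk; a short note on that would help. If callers re-run acl_exec_cond() after a MISS (not visible here), side-effect terms in the following `||` suite would presumably execute once per retry, which matters when those counters feed abuse or rate-limit decisions. The body of acl_exec_cond() starts and ends outside the hunk.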