MINOR: tree-wide: add missing TAINTED flags for some experimental directives

We normally taint the process when using experimental directives, but a handful of places were missed so we don't always know that they are in use. Let's fix these places (hint for future directives, just look for places checking for "experimental_directives_allowed", and add "mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);").
2025-10-26 14:10:59 +01:00 · 2025-10-17 17:57:40 +02:00 · 2025-10-17 17:57:40 +02:00 · 80ed9f9dcf
commit 80ed9f9dcf
parent d3881e61ac
5 changed files with 7 additions and 0 deletions
--- a/src/acme.c
+++ b/src/acme.c
@ -264,6 +264,7 @@ static int cfg_parse_acme(const char *file, int linenum, char **args, int kwm)
 		err_code |= ERR_ALERT | ERR_FATAL;
 		goto out;
 	}
+	mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);

 	if (strcmp(args[0], "acme") == 0) {
 		struct acme_cfg *tmp_acme = acme_cfgs;
--- a/src/cfgparse-global.c
+++ b/src/cfgparse-global.c
@ -1613,6 +1613,7 @@ static int cfg_parse_global_shm_stats_file(char **args, int section_type,
 		return -1;
 	}

+	mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
 	global.shm_stats_file = strdup(args[1]);
 	return 0;
 }
@ -1636,6 +1637,7 @@ static int cfg_parse_global_shm_stats_file_max_objects(char **args, int section_
 		return -1;
 	}

+	mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
 	shm_stats_file_max_objects = atoi(args[1]);
 	return 0;
 }
--- a/src/cfgparse-quic.c
+++ b/src/cfgparse-quic.c
@ -125,6 +125,7 @@ static int bind_parse_quic_cc_algo(char **args, int cur_arg, struct proxy *px,
 		algo = QUIC_CC_NO_CC_STR;
 		*cc_algo = quic_cc_algo_nocc;
 		arg += strlen(QUIC_CC_NO_CC_STR);
+		mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
 	}
 	else {
 		memprintf(err, "'%s' : unknown control congestion algorithm", args[cur_arg + 1]);
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@ -895,6 +895,7 @@ static int ssl_bind_parse_ktls(char **args, int cur_arg, struct proxy *px, struc
 			  args[cur_arg], args[cur_arg + 1]);
 		return ERR_ALERT | ERR_FATAL;
 	}
+	mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
 	return 0;

 }
@ -1958,6 +1959,7 @@ static int srv_parse_ktls(char **args, int *cur_arg, struct proxy *px, struct se
 			  args[*cur_arg], args[*cur_arg + 1]);
 		return ERR_ALERT | ERR_FATAL;
 	}
+	mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
 	return 0;
 }

--- a/src/server.c
+++ b/src/server.c
@ -3701,6 +3701,7 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg,
 				goto out;
 			}

+			mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
 			newsrv->xprt = xprt_get(XPRT_QUIC);
 			quic_transport_params_init(&newsrv->quic_params, 0);
 		}