mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-28 22:31:06 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class

Browse Source 
It is invalid to manipulate responses from http-request rules or to manipulate
requests from http-response rules. When http-request rules are evaluated, the
connection to server is not yet established, so there is no response at all. And
when http-response rules are evaluated, the request has already been sent to the
server.

Now, the calling direction is checked. So functions "txn.http:req_*" can now
only be called from http-request rules and the functions "txn.http:res_*" can
only be called from http-response rules.

This issue was reported on Github (#190).

This patch must be backported to all versions since the 1.6.
This commit is contained in:
Christopher Faulet 2019-07-26 16:17:01 +02:00
parent fe6a71b8e0
commit 84a6d5bc21
1 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/hlua.c
View File

@ -4766,6 +4766,9 @@ __LJMP static int hlua_http_req_get_headers(lua_State *L)
MAY_LJMP(check_args(L, 1, "req_get_headers")); MAY_LJMP(check_args(L, 1, "req_get_headers"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
return hlua_http_get_headers(L, htxn, &htxn->s->txn->req); return hlua_http_get_headers(L, htxn, &htxn->s->txn->req);
} }
@ -4776,6 +4779,9 @@ __LJMP static int hlua_http_res_get_headers(lua_State *L)
MAY_LJMP(check_args(L, 1, "res_get_headers")); MAY_LJMP(check_args(L, 1, "res_get_headers"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_RES)
WILL_LJMP(lua_error(L));
return hlua_http_get_headers(L, htxn, &htxn->s->txn->rsp); return hlua_http_get_headers(L, htxn, &htxn->s->txn->rsp);
} }
@ -4809,6 +4815,9 @@ __LJMP static int hlua_http_req_rep_hdr(lua_State *L)
MAY_LJMP(check_args(L, 4, "req_rep_hdr")); MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_HDR)); return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_HDR));
} }
@ -4819,6 +4828,9 @@ __LJMP static int hlua_http_res_rep_hdr(lua_State *L)
MAY_LJMP(check_args(L, 4, "res_rep_hdr")); MAY_LJMP(check_args(L, 4, "res_rep_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_RES)
WILL_LJMP(lua_error(L));
return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_HDR)); return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_HDR));
} }
@ -4829,6 +4841,9 @@ __LJMP static int hlua_http_req_rep_val(lua_State *L)
MAY_LJMP(check_args(L, 4, "req_rep_hdr")); MAY_LJMP(check_args(L, 4, "req_rep_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_VAL)); return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->req, ACT_HTTP_REPLACE_VAL));
} }
@ -4839,6 +4854,9 @@ __LJMP static int hlua_http_res_rep_val(lua_State *L)
MAY_LJMP(check_args(L, 4, "res_rep_val")); MAY_LJMP(check_args(L, 4, "res_rep_val"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_RES)
WILL_LJMP(lua_error(L));
return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_VAL)); return MAY_LJMP(hlua_http_rep_hdr(L, htxn, &htxn->s->txn->rsp, ACT_HTTP_REPLACE_VAL));
} }
@ -4865,6 +4883,9 @@ __LJMP static int hlua_http_req_del_hdr(lua_State *L)
MAY_LJMP(check_args(L, 2, "req_del_hdr")); MAY_LJMP(check_args(L, 2, "req_del_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
return hlua_http_del_hdr(L, htxn, &htxn->s->txn->req); return hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
} }
@ -4872,9 +4893,12 @@ __LJMP static int hlua_http_res_del_hdr(lua_State *L)
{ {
struct hlua_txn *htxn; struct hlua_txn *htxn;
MAY_LJMP(check_args(L, 2, "req_del_hdr")); MAY_LJMP(check_args(L, 2, "res_del_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_RES)
WILL_LJMP(lua_error(L));
return hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp); return hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
} }
@ -4901,6 +4925,9 @@ __LJMP static int hlua_http_req_add_hdr(lua_State *L)
MAY_LJMP(check_args(L, 3, "req_add_hdr")); MAY_LJMP(check_args(L, 3, "req_add_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req); return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req);
} }
@ -4911,6 +4938,9 @@ __LJMP static int hlua_http_res_add_hdr(lua_State *L)
MAY_LJMP(check_args(L, 3, "res_add_hdr")); MAY_LJMP(check_args(L, 3, "res_add_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_RES)
WILL_LJMP(lua_error(L));
return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp); return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp);
} }
@ -4921,6 +4951,9 @@ static int hlua_http_req_set_hdr(lua_State *L)
MAY_LJMP(check_args(L, 3, "req_set_hdr")); MAY_LJMP(check_args(L, 3, "req_set_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
hlua_http_del_hdr(L, htxn, &htxn->s->txn->req); hlua_http_del_hdr(L, htxn, &htxn->s->txn->req);
return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req); return hlua_http_add_hdr(L, htxn, &htxn->s->txn->req);
} }
@ -4932,6 +4965,9 @@ static int hlua_http_res_set_hdr(lua_State *L)
MAY_LJMP(check_args(L, 3, "res_set_hdr")); MAY_LJMP(check_args(L, 3, "res_set_hdr"));
htxn = MAY_LJMP(hlua_checkhttp(L, 1)); htxn = MAY_LJMP(hlua_checkhttp(L, 1));
if (htxn->dir != SMP_OPT_DIR_RES)
WILL_LJMP(lua_error(L));
hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp); hlua_http_del_hdr(L, htxn, &htxn->s->txn->rsp);
return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp); return hlua_http_add_hdr(L, htxn, &htxn->s->txn->rsp);
} }
@ -4943,6 +4979,9 @@ static int hlua_http_req_set_meth(lua_State *L)
size_t name_len; size_t name_len;
const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len)); const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
lua_pushboolean(L, http_req_replace_stline(0, name, name_len, htxn->p, htxn->s) != -1); lua_pushboolean(L, http_req_replace_stline(0, name, name_len, htxn->p, htxn->s) != -1);
return 1; return 1;
} }
@ -4954,6 +4993,9 @@ static int hlua_http_req_set_path(lua_State *L)
size_t name_len; size_t name_len;
const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len)); const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
lua_pushboolean(L, http_req_replace_stline(1, name, name_len, htxn->p, htxn->s) != -1); lua_pushboolean(L, http_req_replace_stline(1, name, name_len, htxn->p, htxn->s) != -1);
return 1; return 1;
} }
@ -4965,6 +5007,9 @@ static int hlua_http_req_set_query(lua_State *L)
size_t name_len; size_t name_len;
const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len)); const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
/* Check length. */ /* Check length. */
if (name_len > trash.size - 1) { if (name_len > trash.size - 1) {
lua_pushboolean(L, 0); lua_pushboolean(L, 0);
@ -4989,6 +5034,9 @@ static int hlua_http_req_set_uri(lua_State *L)
size_t name_len; size_t name_len;
const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len)); const char *name = MAY_LJMP(luaL_checklstring(L, 2, &name_len));
if (htxn->dir != SMP_OPT_DIR_REQ)
WILL_LJMP(lua_error(L));
lua_pushboolean(L, http_req_replace_stline(3, name, name_len, htxn->p, htxn->s) != -1); lua_pushboolean(L, http_req_replace_stline(3, name, name_len, htxn->p, htxn->s) != -1);
return 1; return 1;
} }
@ -5000,6 +5048,9 @@ static int hlua_http_res_set_status(lua_State *L)
unsigned int code = MAY_LJMP(luaL_checkinteger(L, 2)); unsigned int code = MAY_LJMP(luaL_checkinteger(L, 2));
const char *reason = MAY_LJMP(luaL_optlstring(L, 3, NULL, NULL)); const char *reason = MAY_LJMP(luaL_optlstring(L, 3, NULL, NULL));
if (htxn->dir != SMP_OPT_DIR_RES)
WILL_LJMP(lua_error(L));
http_res_set_status(code, reason, htxn->s); http_res_set_status(code, reason, htxn->s);
return 0; return 0;
} }