From 9bd52d478b2561666633f21086b60a1b488a25b7 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER Date: Thu, 14 Jul 2016 11:45:33 +0200 Subject: [PATCH] BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash If an action wrapper stops the processing of the transaction with a txn_done() function, the return code of the action is "continue". So the continue can implies the processing of other like adding headers. However, the HTTP content is flushed and a segfault occurs. This patchs add a flag indicating that the Lua code want to stop the processing, ths flags is forwarded to the haproxy core, and other actions are ignored. Must be backported in 1.6 --- include/types/hlua.h | 1 + src/hlua.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/include/types/hlua.h b/include/types/hlua.h index b22e03e7d..698786dd8 100644 --- a/include/types/hlua.h +++ b/include/types/hlua.h @@ -31,6 +31,7 @@ struct stream; #define HLUA_WAKEREQWR 0x00000008 #define HLUA_EXIT 0x00000010 #define HLUA_MUST_GC 0x00000020 +#define HLUA_STOP 0x00000040 #define HLUA_F_AS_STRING 0x01 #define HLUA_F_MAY_USE_HTTP 0x02 diff --git a/src/hlua.c b/src/hlua.c index f9a317d65..5cbfcfef9 100644 --- a/src/hlua.c +++ b/src/hlua.c @@ -4810,10 +4810,12 @@ __LJMP static int hlua_txn_set_mark(lua_State *L) __LJMP static int hlua_txn_done(lua_State *L) { struct hlua_txn *htxn; + struct hlua *hlua; struct channel *ic, *oc; MAY_LJMP(check_args(L, 1, "close")); htxn = MAY_LJMP(hlua_checktxn(L, 1)); + hlua = hlua_gethlua(L); /* If the flags NOTERM is set, we cannot terminate the http * session, so we just end the execution of the current @@ -4857,6 +4859,7 @@ __LJMP static int hlua_txn_done(lua_State *L) ic->analysers = 0; + hlua->flags |= HLUA_STOP; WILL_LJMP(hlua_done(L)); return 0; } @@ -5555,6 +5558,8 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px, case HLUA_E_OK: if (!hlua_check_proto(s, dir)) return ACT_RET_ERR; + if (s->hlua.flags & HLUA_STOP) + return ACT_RET_STOP; return ACT_RET_CONT; /* yield. */