mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 05:41:26 +02:00
Code Issues Projects Releases Wiki Activity

[BUG] acl-related keywords are not allowed in defaults sections

Browse Source 
Using an ACL-related keyword in the defaults section causes a
segfault during parsing because the list headers are not initialized.
We must initialize list headers for default instance and reject
keywords relying on ACLs.
(cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4)
(cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
This commit is contained in:
Willy Tarreau 2008-10-12 17:26:37 +02:00
parent da250db376
commit b099aca91a
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/cfgparse.c
View File

@ -538,6 +538,13 @@ static void init_default_instance()
defproxy.maxconn = cfg_maxpconn; defproxy.maxconn = cfg_maxpconn;
defproxy.conn_retries = CONN_RETRIES; defproxy.conn_retries = CONN_RETRIES;
defproxy.logfac1 = defproxy.logfac2 = -1; /* log disabled */ defproxy.logfac1 = defproxy.logfac2 = -1; /* log disabled */
LIST_INIT(&defproxy.pendconns);
LIST_INIT(&defproxy.acl);
LIST_INIT(&defproxy.block_cond);
LIST_INIT(&defproxy.mon_fail_cond);
LIST_INIT(&defproxy.switching_rules);
proxy_reset_timeouts(&defproxy); proxy_reset_timeouts(&defproxy);
} }
@ -864,6 +871,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
curproxy->state = PR_STNEW; curproxy->state = PR_STNEW;
} }
else if (!strcmp(args[0], "acl")) { /* add an ACL */ else if (!strcmp(args[0], "acl")) { /* add an ACL */
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
return -1;
}
err = invalid_char(args[1]); err = invalid_char(args[1]);
if (err) { if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n", Alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n",
@ -1074,6 +1086,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
int pol = ACL_COND_NONE; int pol = ACL_COND_NONE;
struct acl_cond *cond; struct acl_cond *cond;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
return -1;
}
if (!strcmp(args[1], "if")) if (!strcmp(args[1], "if"))
pol = ACL_COND_IF; pol = ACL_COND_IF;
else if (!strcmp(args[1], "unless")) else if (!strcmp(args[1], "unless"))
@ -1191,6 +1208,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
struct acl_cond *cond; struct acl_cond *cond;
struct switching_rule *rule; struct switching_rule *rule;
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
return -1;
}
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
return 0; return 0;
@ -1496,6 +1518,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
} }
} }
else if (!strcmp(args[0], "monitor")) { else if (!strcmp(args[0], "monitor")) {
if (curproxy == &defproxy) {
Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
return -1;
}
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL)) if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
return 0; return 0;