From c51ddd5c384d0bfb914db9ee12f70d5449d51f75 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 29 Aug 2025 17:43:07 +0200 Subject: [PATCH] MINOR: acl: Only allow one '-m' matching method Several '-m' explicit matching method was allowed, but only the last one was really used. There is no reason to specify several matching method and it is most probably an error or a lack of understanding of how matchings are performed. So now, an error is triggered during the configuration parsing to avoid any bad usage. --- src/acl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/acl.c b/src/acl.c index fe2310ef5..57fcaa5a7 100644 --- a/src/acl.c +++ b/src/acl.c @@ -149,7 +149,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * signed long long value, minor; /* The following buffer contain two numbers, a ':' separator and the final \0. */ char buffer[NB_LLMAX_STR + 1 + NB_LLMAX_STR + 1]; - int is_loaded; + int is_loaded, match_forced; int unique_id; char *error; struct pat_ref *ref; @@ -321,6 +321,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * refflags = PAT_REF_ACL; patflags = 0; is_loaded = 0; + match_forced = 0; unique_id = -1; while (**args == '-') { if (strcmp(*args, "-i") == 0) @@ -360,6 +361,10 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * memprintf(err, "'-m' must only be specified before patterns and files in parsing ACL expression"); goto out_free_expr; } + if (match_forced) { + memprintf(err, "only one explicit matching method can be defined with '*m' parameter"); + goto out_free_expr; + } idx = pat_find_match_name(args[1]); if (idx < 0) { @@ -377,6 +382,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->pat.match = pat_match_fcts[idx]; expr->pat.prune = pat_prune_fcts[idx]; expr->pat.expect_type = pat_match_types[idx]; + match_forced = 1; args++; } else if (strcmp(*args, "-M") == 0) {