mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-20 21:31:28 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: acl: Only allow one '-m' matching method

Browse Source 
Several '-m' explicit matching method was allowed, but only the last one was
really used. There is no reason to specify several matching method and it is
most probably an error or a lack of understanding of how matchings are
performed. So now, an error is triggered during the configuration parsing to
avoid any bad usage.
This commit is contained in:
Christopher Faulet 2025-08-29 17:43:07 +02:00
parent d09d7676d0
commit c51ddd5c38
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/acl.c
View File

@ -149,7 +149,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list *
signed long long value, minor; signed long long value, minor;
/* The following buffer contain two numbers, a ':' separator and the final \0. */ /* The following buffer contain two numbers, a ':' separator and the final \0. */
char buffer[NB_LLMAX_STR + 1 + NB_LLMAX_STR + 1]; char buffer[NB_LLMAX_STR + 1 + NB_LLMAX_STR + 1];
int is_loaded; int is_loaded, match_forced;
int unique_id; int unique_id;
char *error; char *error;
struct pat_ref *ref; struct pat_ref *ref;
@ -321,6 +321,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list *
refflags = PAT_REF_ACL; refflags = PAT_REF_ACL;
patflags = 0; patflags = 0;
is_loaded = 0; is_loaded = 0;
match_forced = 0;
unique_id = -1; unique_id = -1;
while (**args == '-') { while (**args == '-') {
if (strcmp(*args, "-i") == 0) if (strcmp(*args, "-i") == 0)
@ -360,6 +361,10 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list *
memprintf(err, "'-m' must only be specified before patterns and files in parsing ACL expression"); memprintf(err, "'-m' must only be specified before patterns and files in parsing ACL expression");
goto out_free_expr; goto out_free_expr;
} }
if (match_forced) {
memprintf(err, "only one explicit matching method can be defined with '*m' parameter");
goto out_free_expr;
}
idx = pat_find_match_name(args[1]); idx = pat_find_match_name(args[1]);
if (idx < 0) { if (idx < 0) {
@ -377,6 +382,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list *
expr->pat.match = pat_match_fcts[idx]; expr->pat.match = pat_match_fcts[idx];
expr->pat.prune = pat_prune_fcts[idx]; expr->pat.prune = pat_prune_fcts[idx];
expr->pat.expect_type = pat_match_types[idx]; expr->pat.expect_type = pat_match_types[idx];
match_forced = 1;
args++; args++;
} }
else if (strcmp(*args, "-M") == 0) { else if (strcmp(*args, "-M") == 0) {