mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 05:41:26 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: sample: Validate the number of bits for the sha2 converter

Browse Source 
Instead of failing the conversion when an invalid number of bits is
given the sha2 converter now fails with an appropriate error message
during startup.

The sha2 converter was introduced in d4376302377e4f51f43a183c2c91d929b27e1ae3,
which is in 2.1 and higher.
This commit is contained in:
Tim Duesterhus 2019-12-17 12:31:20 +01:00 committed by Willy Tarreau
parent 46dfd78cbf
commit cd3732456b
2 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
reg-tests/converter/sha2.vtc
View File

@ -8,7 +8,7 @@ feature ignore_unknown_macro
server s1 { server s1 {
rxreq rxreq
txresp txresp
} -repeat 3 -start } -repeat 2 -start
haproxy h1 -conf { haproxy h1 -conf {
defaults defaults
@ -28,7 +28,6 @@ haproxy h1 -conf {
http-response set-header SHA2-256 "%[var(txn.hash),sha2(256),hex,lower]" http-response set-header SHA2-256 "%[var(txn.hash),sha2(256),hex,lower]"
http-response set-header SHA2-384 "%[var(txn.hash),sha2(384),hex,lower]" http-response set-header SHA2-384 "%[var(txn.hash),sha2(384),hex,lower]"
http-response set-header SHA2-512 "%[var(txn.hash),sha2(512),hex,lower]" http-response set-header SHA2-512 "%[var(txn.hash),sha2(512),hex,lower]"
http-response set-header SHA2-invalid "%[var(txn.hash),sha2(1),hex,lower]"
default_backend be default_backend be
@ -46,7 +45,6 @@ client c1 -connect ${h1_fe_sock} {
expect resp.http.sha2-256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b" expect resp.http.sha2-256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
expect resp.http.sha2-384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776" expect resp.http.sha2-384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776"
expect resp.http.sha2-512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a" expect resp.http.sha2-512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a"
expect resp.http.sha2-invalid == ""
txreq -url "/" \ txreq -url "/" \
-hdr "Hash: 2" -hdr "Hash: 2"
rxresp rxresp
@ -56,5 +54,4 @@ client c1 -connect ${h1_fe_sock} {
expect resp.http.sha2-256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35" expect resp.http.sha2-256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"
expect resp.http.sha2-384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e" expect resp.http.sha2-384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e"
expect resp.http.sha2-512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114" expect resp.http.sha2-512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114"
expect resp.http.sha2-invalid == ""
} -run } -run

25
src/sample.c
View File

@ -1531,6 +1531,29 @@ static int sample_conv_sha1(const struct arg *arg_p, struct sample *smp, void *p
} }
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
static int smp_check_sha2(struct arg *args, struct sample_conv *conv,
const char *file, int line, char **err)
{
if (args[0].type == ARGT_STOP)
return 1;
if (args[0].type != ARGT_SINT) {
memprintf(err, "Invalid type '%s'", arg_type_names[args[0].type]);
return 0;
}
switch (args[0].data.sint) {
case 224:
case 256:
case 384:
case 512:
/* this is okay */
return 1;
default:
memprintf(err, "Unsupported number of bits: '%lld'", args[0].data.sint);
return 0;
}
}
static int sample_conv_sha2(const struct arg *arg_p, struct sample *smp, void *private) static int sample_conv_sha2(const struct arg *arg_p, struct sample *smp, void *private)
{ {
struct buffer *trash = get_trash_chunk(); struct buffer *trash = get_trash_chunk();
@ -3362,7 +3385,7 @@ static struct sample_conv_kw_list sample_conv_kws = {ILH, {
{ "regsub", sample_conv_regsub, ARG3(2,REG,STR,STR), sample_conv_regsub_check, SMP_T_STR, SMP_T_STR }, { "regsub", sample_conv_regsub, ARG3(2,REG,STR,STR), sample_conv_regsub_check, SMP_T_STR, SMP_T_STR },
{ "sha1", sample_conv_sha1, 0, NULL, SMP_T_BIN, SMP_T_BIN }, { "sha1", sample_conv_sha1, 0, NULL, SMP_T_BIN, SMP_T_BIN },
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
{ "sha2", sample_conv_sha2, ARG1(0, SINT), NULL, SMP_T_BIN, SMP_T_BIN }, { "sha2", sample_conv_sha2, ARG1(0, SINT), smp_check_sha2, SMP_T_BIN, SMP_T_BIN },
#endif #endif
{ "concat", sample_conv_concat, ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR, SMP_T_STR }, { "concat", sample_conv_concat, ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR, SMP_T_STR },
{ "strcmp", sample_conv_strcmp, ARG1(1,STR), smp_check_strcmp, SMP_T_STR, SMP_T_SINT }, { "strcmp", sample_conv_strcmp, ARG1(1,STR), smp_check_strcmp, SMP_T_STR, SMP_T_SINT },