26974 Commits

Author SHA1 Message Date
Christopher Faulet
9368f4eaa2 MEDIUM: http-htx: Make authority update optional when replacing a header value
When a header value is replaced, a test is performed to verify if the
authority must be updated or not. But there are some places where we know it
is useless. First, when the caller knows the header is not the host
header. Then when the host header value is updated because the authority was
changed.

So now, an extra argument was added to http_replace_header() and
http_replace_header_value() functions to specify if the authority update
must be performed or not.
2026-04-29 10:03:39 +02:00
Christopher Faulet
8d2ea3c1ce BUG/MEDIUM: http-htx: Loop on full host value during scheme based normalization
During scheme based normalization, when the authority is normalized, the
host headers are updated accordingly. Only full host header values must be
updated. Comma-separated lists are not expected here.

It is important to do so to be consistent with other places where the host
header is updated (when the request URI is changed for instance).
2026-04-29 10:03:39 +02:00
Christopher Faulet
632b54ebfc BUG/MEDIUM: http-htx: Don't use data from HTX message to update authority
When a host header value is updated, the authority can also be updated
accordingly. When it is performed, we must not use the new host header value
from the HTX message. Instead we must use the data passed as argument. It is
unexpected but the host header can have several comma-separated values.
Using the full header value can lead to an unexpected result.

Note: having multiple comma-separated values for the host header should not
      be supported. The comma should be part of the host value. But it is
      quite ambiguous. This will be fixed in another commit.

This patch must be backported to all stable versions.
2026-04-29 10:03:39 +02:00
Christopher Faulet
48afa73af8 BUG/MAJOR: http-htx: Store new host in a chunk for scheme-based normalization
During the scheme based normalization, the original authority value is used
to replace every host header. It is an issue, because when the HTX message
is modified the blocks may be reorganised to find free space. For instance a
defragmentation can be performed. So the address of the authority can
change. To perform such rewrite, the new value must be stored in a temporary
buffer. It is especially important because the start-line is also updated,
so the original authority could be moved, making it invalid.

Because of this bug, it is possible to mix HTX block values. There is no
overflow but the start-line can be crushed with data from the host header
value, making it invalid for the server.

So, to fix the issue, the new host header value is now the one in the trash
chunk used to rewrite the start line. But in that case, the trash chunk must
be allocated to be sure it remains valid when replacing all host header
values.

This patch must be backported as far as 2.6.
2026-04-29 10:03:26 +02:00
Tim Duesterhus
213ee17119 CLEANUP: Reapply ha_free.cocci (2)
This reapplies ha_free.cocci across the whole src/ tree.
2026-04-29 04:39:12 +02:00
Tim Duesterhus
0bf844aaca CLEANUP: Reapply strcmp.cocci (3)
This reapplies strcmp.cocci across the whole src/ tree.
2026-04-29 04:39:12 +02:00
Tim Duesterhus
0a1d9e4551 CLEANUP: Reapply ist.cocci (4)
This reapplies ist.cocci across the whole src/ tree.
2026-04-29 04:39:12 +02:00
William Lallemand
29b974fc4e BUILD: 51d: fix bool definition on dummy lib v4
Modern compilers break when defining bool, false and true.
Include <stdbool.h> instead.

$ make -j$(nproc) TARGET=linux-glibc USE_51DEGREES=1 \
   51DEGREES_VER=4 51DEGREES_SRC=addons/51degrees/dummy/v4hash/
2026-04-28 18:12:35 +02:00
Amaury Denoyelle
4bffea8579 BUG/MINOR: mux_quic: free frames emitted with QMux
When using QUIC, mux instantiates quic_frame objects but does not free
them. This is performed only when acknowledgments are received.

This is not the case for QMux protocol, as the transport layer is much
simpler in this case. As such, mux is responsible to free up the frames
after emission.

This patch fixes qcc_qstrm_send_frames() by adding the necessary
qc_frm_free() calls as soon as a frame is emitted. This fixes a memory
leak. This function ensures that the freed object is removed from its
parent list, so LIST_DEL_INIT() is not necessary anymore.

No need to backport.
2026-04-28 15:59:28 +02:00
Amaury Denoyelle
4449323464 MINOR: mux_quic: remove superfluous b_size() before b_alloc()
b_alloc() does nothing if a buffer is already allocated. As such, it is
not necessary to call b_size() as a check prior to it. Removes its usage
in qcc_qstrm_recv() so that the code is similar to other b_alloc()
usages.
2026-04-28 15:59:28 +02:00
Maxime Henrion
194bad6aaf MINOR: lb: cleanups
Remove exports for functions that are not called directly anymore, and
make them static. This involves some reordering to avoid the need for a
forward static declaration.

Also remove the old callback fields from the lbprm struct.
2026-04-28 15:31:51 +02:00
Maxime Henrion
583a947123 MEDIUM: lb: use the LB ops tables
Remove manual initialization of the callbacks and use the ops field in
the lbprm struct to invoke those callbacks.
2026-04-28 15:31:51 +02:00
Maxime Henrion
16a4de0d5c MINOR: lb: infrastructure for declarative initialization
This creates an ops structure for the various callbacks into the LB
algorithms, and defines those ops structure for each algorithm. A new
proxy_init callback is added for the initialization functions called
from proxy_finalize(). Since one of them needs to return an int in case
of an error, we change all the others to also return an int so we have a
uniform type.

No functional changes.
2026-04-28 15:31:51 +02:00
Willy Tarreau
5ddba59a02 BUG/MINOR: http_ana: use scf to report term_evts in http_wait_for_request()
http_wait_for_request() improperly reports term events on the scb instead
of scf, causing some request parsing failures to possibly be reported as
response errors. This was introduced in 3.2 with commit 2dc02f75b1 ("MEDIUM:
tevt/stconn/stream: Add dedicated termination events for stream location")
so it must be backported there.
2026-04-27 18:58:51 +02:00
Willy Tarreau
1ef74fc7ce BUG/MEDIUM: mux_h1: fix stack buffer overflow in h1_append_chunk_size()
The char tmp[10] buffer can only hold 8 hex digits + CRLF suffix. If chksz
exceeds 4GB (0xFFFFFFFF), the do-while loop writes more than 8 hex digits,
overflowing the stack buffer by 1+ bytes. In practice the buffer is aligned
from the end and leaves a 6-byte hole before it on 64-bit systems, leaving
enough room to be harmless, and 4 on 32-bit platforms which save it from
touching lower variables. So it is safe but just by luck.

Fix by increasing tmp[] to 18 bytes, sufficient for up to 16 hex digits
(2^64 - 1) plus CRLF.
2026-04-27 18:58:51 +02:00
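The sizing argument from the h1_append_chunk_size() commit above, as an added example that is not HAProxy's code: a chunk-size encoder that fills its scratch buffer from the end, with the buffer sized from the width of the integer type instead of an assumed 32-bit maximum. The names `encode_chunk_size` and `CHUNK_HDR_MAX` are hypothetical, and the sample sizes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Two hex digits per byte of the size type, plus the CRLF suffix.
 * For uint64_t this is 16 + 2 = 18, the size the commit settles on. */
#define CHUNK_HDR_MAX (2 * sizeof(uint64_t) + 2)

/* Compile-time check that ties the bound to the type: a 10-byte buffer
 * is only correct while the value fits in 32 bits. */
_Static_assert(CHUNK_HDR_MAX == 18, "scratch buffer must cover 64-bit sizes");

/* Writes "<hex>\r\n" for chksz into out (capacity outsz, no NUL added).
 * Returns the number of bytes written, or 0 if out is too small. */
size_t encode_chunk_size(uint64_t chksz, char *out, size_t outsz)
{
	char tmp[CHUNK_HDR_MAX];
	char *end = tmp + sizeof(tmp);
	char *beg = end;
	size_t len;

	/* Suffix first, then digits from least to most significant,
	 * moving towards the start of the buffer. */
	*--beg = '\n';
	*--beg = '\r';
	do {
		if (beg == tmp)   /* unreachable with CHUNK_HDR_MAX, kept as a guard */
			return 0;
		*--beg = "0123456789ABCDEF"[chksz & 0xF];
		chksz >>= 4;
	} while (chksz);

	len = (size_t)(end - beg);
	if (len > outsz)
		return 0;
	memcpy(out, beg, len);
	return len;
}

int main(void)
{
	/* Constructed samples: zero, the 32-bit limit, one past it, 2^64 - 1. */
	const uint64_t samples[] = { 0, 0xFFFFFFFFULL, 0x100000000ULL, UINT64_MAX };
	char buf[CHUNK_HDR_MAX];

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		size_t n = encode_chunk_size(samples[i], buf, sizeof(buf));
		printf("%2zu bytes: %.*s", n, (int)n, buf);
	}
	return 0;
}
```

The first value above 0xFFFFFFFF needs 11 bytes, one more than the original 10-byte buffer could hold.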
Amaury Denoyelle
5160b84c7a MINOR: mux_quic/h3: report termination events at stream layer
This patch adds termination level on QUIC MUX at the stream layer.
Similarly to the previous patch, error codes should be similar to the
ones already used in H2.

Most of the values are reported via qcc_reset_stream() which now has an
extra argument for this. This is used by application protocol H3 and
hq-interop.

qmux_sctl() callback is extended to support MUX_SCTL_TEVTS to report the
current stream termination event at the upper layer.
2026-04-27 15:02:58 +02:00
Amaury Denoyelle
f8a1d24e31 MINOR: mux_quic/h3: report termination events at connection level
Implement termination event log in QUIC MUX layer at the connection
level. The objective is to reuse similar codes already used on H2.

Most of the error values are reported via qcc_set_error() which now has
an extra argument to specify the term event code. This is in particular
used in H3 application protocol code.

Also, qmux_ctl() now implements MUX_CTL_TEVTS to report the current
connection termination code to the upper layer. Callback qmux_sctl()
displays the connection term event code on MUX_SCTL_DBG_STR.
2026-04-27 15:02:58 +02:00
Amaury Denoyelle
ca8d1cc84d MINOR: mux_quic: display QCS sd on traces
Add SD pointer and flags value when logging a QCS instance in
qmux_dump_qcs_info(). This changes output for both traces and
MUX_SCTL_DBG_STR.
2026-04-27 15:02:58 +02:00
Amaury Denoyelle
0da40e272c MINOR: mux_quic: return conn error code in debug string
Similarly to H2, mux_quic now returns connection error code when stream
debug string is retrieved via MUX_SCTL_DBG_STR operation.
2026-04-27 15:02:58 +02:00
Willy Tarreau
f8385ef165 CLEANUP: tree-wide: fix around 20 mistakes in comments in h2,tools,peers
This cleans up around 12 non-visible typos in h2 and mux-h2, 6 in peers,
3 in tools, and also addresses a leftover after commit 9294e8822f in 2.4
which changed the word fingerprint calculation without updating the
comment about the possible output values. No backport needed.
2026-04-27 14:47:39 +02:00
Willy Tarreau
14a113472d CLEANUP: mux-h2: remove duplicate forward declaration of h2s_rxbuf_{head,tail}()
These were strangely committed together with commit e4cb0ad632 ("MINOR:
mux-h2/traces: add buffer-related info to h2s and h2c").
2026-04-27 14:44:29 +02:00
Willy Tarreau
4527620b09 CLEANUP: tools: drop upper case check after tolower()
In update_word_fingerprint_with_len() we convert a character to lower
case, then it's checked against lower case, upper case and digits. Let's
just drop the upper case check which cannot happen.
2026-04-27 14:44:29 +02:00
Willy Tarreau
5efaece577 CLEANUP: peers: fix a few user-visible spelling mistakes
Just a few "leason" and "messafe" in traces. This can be backported.
2026-04-27 14:44:29 +02:00
Willy Tarreau
0aabd1cfeb BUG/MINOR: peers: fix wrong flag reported twice for dump_flags
Flag PEERS_F_DBG_RESYNC_REMOTEASSIGN was missing and
PEERS_F_DBG_RESYNC_REMOTEABORT appeared twice instead, so the former
would not appear in flags dumps. This can be backported to 3.0.0.
2026-04-27 14:44:29 +02:00
Willy Tarreau
24914b67b7 BUG/MINOR: peers: fix logical "and" when checking for local in PEER_APP_ST_STARTING
The expression to check both peer->local and appctx_is_back() uses a
bitwise '&' instead of a logical '&&'. Fortunately both values are
always either 0 or 1 so there is no impact. This can be backported to
all stable versions.
2026-04-27 14:44:29 +02:00
Willy Tarreau
25c8d7b094 BUG/MINOR: sample: fix NULL strm dereference in sample_conv_when
Several cases in sample_conv_when (FORWARDED, TOAPPLET, PROCESSED, ACL)
access smp->strm->scb without checking if strm is NULL. The strm field
may be NULL (e.g., tcp-request connection). Let's add NULL checks to
prevent dereferencing a NULL pointer.

This should be backported to 3.1.
2026-04-27 14:44:29 +02:00
Willy Tarreau
7465b5ec38 BUG/MINOR: sample: fix memory leak in smp_resolve_args error paths
Several error paths in smp_resolve_args used 'continue' which skipped
LIST_DELETE and free(cur), leaking the arg_list node. Changed all to
'break' to ensure proper cleanup on all error paths. This is harmless
since when such issues are met, the process refuses to start, so no
backport is really needed.
2026-04-27 14:44:29 +02:00
Willy Tarreau
a4f27d96c6 BUG/MINOR: sample: fix memory leak in check_when_cond() when ACL is not found
When find_acl_by_name() and find_acl_default() both fail when parsing
converter "when(ACL,foo)", the previously allocated acl_sample struct
is leaked. Free it before returning 0. This can be backported to stable
versions.
2026-04-27 14:44:29 +02:00
Willy Tarreau
eb97e21a8f BUG/MINOR: tools: free previously allocated strings on strdup failure in backup_env()
When strdup() fails after some entries have already been strdup'd, the function
returned -1 without freeing previously allocated strings. Added cleanup loop to
free all previously strdup'd entries and reset init_env.

This can be backported to 3.1.
2026-04-27 14:44:29 +02:00
Willy Tarreau
d5efce7a13 BUG/MINOR: tools: fix memory leak in indent_msg() on out of memory
When malloc() fails in indent_msg, the function returned NULL without
freeing the original *out string as it was supposed to. The caller loses
both the original string (leaked) and gets NULL back. Fixed to free *out
and set it to NULL before returning.
2026-04-27 14:44:29 +02:00
Willy Tarreau
84cb8dd126 BUG/MINOR: tools: my_memspn/my_memcspn wrong cast causing incorrect byte reading
Both functions cast void * to int * and dereference, reading 4 bytes as an
integer instead of a single byte. This is passed to memchr() which expects a
byte value. On unaligned addresses this causes crashes on ARM/mips etc, and
search for the wrong byte on big endian platforms. Fixed to cast to
const unsigned char * and dereference a single byte. This is marked as
minor because these functions were added in 2.2 by commit 5eb96cbcbc
("MINOR: standard: Add my_memspn and my_memcspn") and have not been used
since then.
2026-04-27 14:44:29 +02:00
Willy Tarreau
c6600d7835 CLEANUP: tree-wide: address various spelling mistakes in comments from -dev7
These ones were found in recent patches merged since -dev7. There is no
user-visible change so no backport is needed.
2026-04-27 10:50:12 +02:00
Willy Tarreau
61e843a0b4 BUG/MINOR: tree-wide: fix a few user-visible spelling mistakes from dev7
These spelling mistakes in documentation, traces or error messages
were introduced after -dev7. Some might possibly deserve being
backported.
2026-04-27 10:49:51 +02:00
Willy Tarreau
0522264eb4 BUG/MINOR: ssl: fix double-free on failed realloc in ssl_sock.c
Recent commit 90bfbea7c0 ("BUG/MINOR: ssl: fix memory leaks on realloc
failure in ssl_sock.c") accidentally turned a memory leak in case of
allocation failure into a double-free: the original pointer must no
longer be released. In addition, the allocated_size has to be reset
in case of failure. This needs to be backported to 3.3 like previous
commit.
2026-04-27 09:15:21 +02:00
Miroslav Zagorac
720b3d1f56 BUILD: ot: emitted deprecation warning at build time
Warn at Makefile parse time that the opentracing filter was deprecated
in haproxy 3.3 and will be removed in 3.5, complementing the runtime
warning emitted at filter init.
2026-04-27 08:23:00 +02:00
Miroslav Zagorac
4f53bbc15c MEDIUM: ot: emitted deprecation warning at filter init
The opentracing filter was deprecated in haproxy 3.3 and will be removed
in 3.5.  A warning is now issued during filter initialization, unless the
global 'expose-deprecated-directives' directive is set.  The notice is
emitted only once regardless of the number of filter instances.
2026-04-27 08:18:58 +02:00
Christopher Faulet
1124968dc1 DOC: config: Fix typo in tune.bufsize.large description
"butes" was used instead of "bytes".

Should fix the issue #3322.
2026-04-27 07:35:08 +02:00
Christopher Faulet
0f7f695b8f DOC: config: Fix log-format example with last rule expressions
%[] were missing.
2026-04-27 07:35:08 +02:00
BiancaDogareci
fa17a50c62 BUG/MINOR: ssl: fix memory leak on realloc failure in acme.ips
Fix a realloc() bug in ckchs_dup() when copying the acme.ips array,
where overwriting the original pointer with NULL on allocation failure
loses reference to the original memory block.

Use my_realloc2() which safely handles the failure.

No backport needed.
2026-04-25 16:12:25 +02:00
Ilia Shipitsin
90bfbea7c0 BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_sock.c
Replace bare realloc() calls with my_realloc2(), which frees the original
pointer on allocation failure, preventing a memory leak when the pointer
is subsequently overwritten with NULL.

Must be backported to 3.3.
2026-04-25 11:08:31 +02:00
Ilia Shipitsin
0c4b7d7f34 BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_ckch.c
Replace bare realloc() calls with my_realloc2(), which frees the original
pointer on allocation failure, preventing a memory leak when the pointer
is subsequently overwritten with NULL.

Must be backported to 3.2.
2026-04-25 11:08:21 +02:00
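The realloc() failure handling discussed in the ssl commits above (the leak fixes and the follow-up double-free fix 0522264eb4), as an added example that is not HAProxy's code. `x_realloc2` is a local stand-in with the contract those commits give for my_realloc2(); every name here is hypothetical, the allocation failure is injected, and a double free is counted by the tracker instead of being executed.

```c
#include <stdio.h>
#include <stdlib.h>

static void *owned;               /* the one heap block this example tracks */
static int fail_next, bad_frees;  /* constructed fault injection, double-free counter */
static void x_free(void *p)
{
	if (p && p != owned) bad_frees++;          /* already released: caught, not executed */
	if (p && p == owned) { owned = NULL; free(p); }
}
static void *x_realloc(void *p, size_t n)
{
	void *r = fail_next ? NULL : realloc(p, n);  /* on failure p stays allocated */
	fail_next = 0;
	if (r) owned = r;
	return r;
}
/* Stand-in with the contract the commits give for my_realloc2(): frees p on failure. */
static void *x_realloc2(void *p, size_t n)
{
	void *r = x_realloc(p, n);
	if (!r && n) x_free(p);
	return r;
}

struct arr { int *v; size_t cap; };
int grow_bare(struct arr *a)          /* before: result overwrites the only reference */
{
	a->v = x_realloc(a->v, (a->cap + 4) * sizeof(*a->v));
	if (!a->v) return -1;             /* old block is unreachable now: leak */
	a->cap += 4;
	return 0;
}
int grow_double_free(struct arr *a)   /* leak fix applied, old error path kept */
{
	int *n = x_realloc2(a->v, (a->cap + 4) * sizeof(*a->v));
	if (!n) { x_free(a->v); a->v = NULL; return -1; }
	a->v = n; a->cap += 4;
	return 0;
}
int grow_fixed(struct arr *a)         /* no free on failure, pointer and size reset */
{
	int *n = x_realloc2(a->v, (a->cap + 4) * sizeof(*a->v));
	if (!n) { a->v = NULL; a->cap = 0; return -1; }
	a->v = n; a->cap += 4;
	return 0;
}
/* One good grow, one injected failure, teardown: 10 * double frees + leaked blocks. */
int scenario(int (*grow)(struct arr *))
{
	struct arr a = { NULL, 0 };
	bad_frees = 0;
	grow(&a); fail_next = 1; grow(&a);
	x_free(a.v);                       /* normal teardown by the owner */
	int leaked = owned != NULL;        /* block nobody references any more */
	free(owned); owned = NULL;
	return 10 * bad_frees + leaked;
}
int main(void)
{
	printf("%d %d %d\n", scenario(grow_bare), scenario(grow_double_free), scenario(grow_fixed));
	return 0;
}
```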
Amaury Denoyelle
352db46b08 BUG/MEDIUM: stats: fix crash on 'dump stats-file'
A crash occurs immediately when stats-file dump is requested by the
command-line. The issue is caused by the introduction of watchers when
iterating over the proxies list, which is now required with dynamic
backends.

  commit 20376c54e2166a0882b71b26326360786f79ebdb
  MINOR: stats: protect proxy iteration via watcher

The above patch initializes the new proxy watcher for stats dump and
HTML. However, this was forgotten for stats-file command context. Fix
this by adding the missing watcher_init() in cli_parse_show_stat().

No need to backport.
2026-04-24 16:04:21 +02:00
Pierre Cheynier
85c3f3c1fd MINOR: sample: converter for frontend existence check
Introduced a new sample converter using keyword "fe_exists" checking if
a frontend with a given name exists.
2026-04-24 15:22:09 +02:00
Daniel Lenar
0be6c0076d BUG/MINOR: tcpcheck: Allow connection reuse without prior traffic
New connections created by tcpcheck are marked as private, making
them ineligible for insertion into the server-side connection pool, even
when check-reuse-pool is activated. Thus, connection reuse for health
checks would only work when the pool had already been populated by
regular (non-check) traffic.

Change this behavior so that a new check connection is not flagged as
private anymore when check-reuse-pool is requested. As a result, on
detach, instead of being freed, the connection will be inserted in the
idle pool and will be eligible for reuse, both for regular traffic and
checks.

This change can be useful to ensure that a server idle pool is never
completely empty when check-reuse-pool is active. Additionally, it is
also necessary to ensure that check reuse is really effective when
connection parameters are different between checks and regular traffic,
resulting in a different reuse hash.

The previous behavior could be considered as a bug to a certain extent.
The current patch should be harmless for default configuration, but it
can be a significant improvement for users who want to perform reuse for
checks. Thus, it should be backported up to 3.2.
2026-04-24 11:39:51 +02:00
Amaury Denoyelle
cc39535702 MINOR: mux_quic: handle incomplete QMux record read
QMux implements a record layer which is used to encapsulate QUIC frames.

This patch implements reception of an incomplete record in
qcc_qstrm_recv(). BUG_ON() failures are removed and now reading will
continue until the whole record is received or a fatal error occurs.

Several adjustments were made in the logic for read operation.
Previously, read syscall was only performed if either data buffer was
empty or current record was incomplete. An extra condition is added to
perform read if there is data in the buffer but not enough to decode a
record header. Another change is that buffer realign is also performed
in this latter case and if buffer wrapping position has been reached.
2026-04-24 10:39:17 +02:00
Amaury Denoyelle
61e839c07e MINOR: mux_quic: handle conn errors on QMux without crash
Remove BUG_ON() related to connection errors when invoking XPRT
snd_buf/rcv_buf in QMux operations. Such errors are now converted in
QC_CF_ERR_CONN flag, which will disable any I/O operations and close the
connection as soon as possible.

Note that this error management is pretty crude. In particular, it could
lead to truncated data when dealing with unidirectional connection
closure from the remote peer. However, it is considered sufficient for
now to continue interop testing without being disturbed by BUG_ON()
assertion crashes.
2026-04-24 09:33:04 +02:00
Amaury Denoyelle
02bfbddce3 MINOR: mux_quic: receive MAX_STREAMS_BIDI frames in QMux
Support reception via QMux of flow control MAX-STREAMS frame for
bidirectional streams. This is similar to the QUIC with shared
qcc_recv_max_streams() function.
2026-04-24 09:33:04 +02:00
Amaury Denoyelle
64b7ef7971 MINOR: mux_quic/xprt_qstrm: simplify Rx buffer transfer
When xprt_qstrm layer is completed, MUX layer is started. Rx buffer from
the XPRT layer is transferred to the MUX so that it can handle any extra
data following the transport parameters first frame.

Since previous commit, QCC Rx buffer is dynamically allocated only when
needed. However, qmux_init() must still allocate it when there is data
to be transferred from the XPRT layer. As a result, code has been over
extended to continue to support this case.

This patch simplifies xprt_qstrm API for the Rx buffer transfer. Buffer
content and remaining record length can now be retrieved via the single
function xprt_qstrm_xfer_rxbuf(). If the buffer is empty, nothing is
performed and XPRT layer will release it. If not empty, MUX will take
ownership of the buffer from the XPRT layer.
2026-04-24 09:33:04 +02:00
Amaury Denoyelle
b8e65423f3 MINOR: mux_quic: use dynamic conn buffers for QMux
Allocate and release as needed the QCC buffers used for QMux protocol.
This should reduce the memory consumption of QMux. This is performed
both for send and receive buffers. Along with this, always free these
buffers in qcc_release() to prevent a memory leak.
2026-04-24 09:33:04 +02:00
Amaury Denoyelle
265e893921 MINOR: mux_quic: use dynamic Tx streams buffers for QMux
Improve QMux memory usage at the QCS level in accordance with the
haproxy model. The tx buffer is now allocated only when used and
released as soon as it is empty.

This change requires to extend qcc_get_stream_txbuf() for QMux. Code
part related to qc_stream_desc is protected via conn_is_quic(). A
dedicated QMux block is added. Similarly to QUIC, a small buf can be
allocated first.

This also requires to adapt qcc_realloc_stream_txbuf() in a similar
fashion.
2026-04-24 09:33:04 +02:00