mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 13:51:26 +02:00
Code Issues Projects Releases Wiki Activity
haproxy/include/haproxy/action.h
Willy Tarreau 1e3422e6b0 BUG/MEDIUM: actions: always apply a longest match on prefix lookup 
Many actions take arguments after a parenthesis. When this happens, they
have to be tagged in the parser with KWF_MATCH_PREFIX so that a sub-word
is sufficient (since by default the whole block including the parenthesis
is taken).

The problem with this is that the parser stops on the first match. This
was OK years ago when there were very few actions, but over time new ones
were added and many actions are the prefix of another one (e.g. "set-var"
is the prefix of "set-var-fmt"). And what happens in this case is that the
first word is picked. Most often that doesn't cause trouble because such
similar-looking actions involve the same custom parser so actually the
wrong selection of the first entry results in the correct parser to be
used anyway and the error to be silently hidden.

But it's getting worse when accidentally declaring prefixes in multiple
files, because in this case it will solely depend on the object file link
order: if the longest name appears first, it will be properly detected,
but if it appears last, its other prefix will be detected and might very
well not be related at all and use a distinct parser. And this is random
enough to make some actions succeed or fail depending on the build options
that affect the linkage order. Worse: what if a keyword is the prefix of
another one, with a different parser but a compatible syntax ? It could
seem to work by accident but not do the expected operations.

The correct solution is to always look for the longest matching name.
This way the correct keyword will always be matched and used and there
will be no risk to randomly pick the wrong anymore.

This fix must be backported to the relevant stable releases.
2023-10-06 17:06:44 +02:00

125 lines
3.7 KiB
C
Raw Blame History

/*
* include/haproxy/action.h
* This file contains actions prototypes.
*
* Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef _HAPROXY_ACTION_H
#define _HAPROXY_ACTION_H
#include <stdio.h>
#include <haproxy/action-t.h>
#include <haproxy/cfgparse.h>
#include <haproxy/list.h>
#include <haproxy/sample.h>
struct resolv_requester;
struct dns_counters;
int act_resolution_cb(struct resolv_requester *requester, struct dns_counters *counters);
int act_resolution_error_cb(struct resolv_requester *requester, int error_code);
const char *action_suggest(const char *word, const struct list *keywords, const char **extra);
void free_act_rule(struct act_rule *rule);
static inline struct action_kw *action_lookup(struct list *keywords, const char *kw)
{
struct action_kw_list *kw_list;
struct action_kw *best = NULL;
int len, bestlen = 0;
int i;
if (LIST_ISEMPTY(keywords))
return NULL;
list_for_each_entry(kw_list, keywords, list) {
for (i = 0; kw_list->kw[i].kw != NULL; i++) {
if ((kw_list->kw[i].flags & KWF_MATCH_PREFIX) &&
(len = strlen(kw_list->kw[i].kw)) > bestlen &&
strncmp(kw, kw_list->kw[i].kw, len) == 0) {
if (len > bestlen) {
bestlen = len;
best = &kw_list->kw[i];
}
}
if (strcmp(kw, kw_list->kw[i].kw) == 0)
return &kw_list->kw[i];
}
}
return best;
}
static inline void action_build_list(struct list *keywords,
struct buffer *chk)
{
struct action_kw_list *kw_list;
int i;
char *p;
char *end;
int l;
p = chk->area;
end = p + chk->size - 1;
list_for_each_entry(kw_list, keywords, list) {
for (i = 0; kw_list->kw[i].kw != NULL; i++) {
l = snprintf(p, end - p, "'%s%s', ", kw_list->kw[i].kw, (kw_list->kw[i].flags & KWF_MATCH_PREFIX) ? "(*)" : "");
if (l > end - p)
continue;
p += l;
}
}
if (p > chk->area)
*(p-2) = '\0';
else
*p = '\0';
}
/* Check an action ruleset validity. It returns the number of error encountered
* and err_code is updated if a warning is emitted.
*/
int check_action_rules(struct list *rules, struct proxy *px, int *err_code);
/* Find and check the target table used by an action track-sc*. This
* function should be called during the configuration validity check.
*
* The function returns 1 in success case, otherwise, it returns 0 and err is
* filled.
*/
int check_trk_action(struct act_rule *rule, struct proxy *px, char **err);
/* check a capture rule. This function should be called during the configuration
* validity check.
*
* The function returns 1 in success case, otherwise, it returns 0 and err is
* filled.
*/
int check_capture(struct act_rule *rule, struct proxy *px, char **err);
int cfg_parse_rule_set_timeout(const char **args, int idx, struct act_rule *rule,
struct proxy *px, char **err);
static inline void release_timeout_action(struct act_rule *rule)
{
release_sample_expr(rule->arg.timeout.expr);
}
struct act_rule *new_act_rule(enum act_from from, const char *file, int linenum);
void free_act_rules(struct list *rules);
void dump_act_rules(const struct list *rules, const char *pfx);
#endif /* _HAPROXY_ACTION_H */
Reference in New Issue View Git Blame Copy Permalink