haproxy/src
Willy Tarreau 58727ec088 BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
Commit 108b1dd ("MEDIUM: http: configurable http result codes for
http-request deny") introduced in 1.6-dev2 was incomplete. It introduced
a new field "rule_deny_status" into struct http_txn, which is filled only
by actions "http-request deny" and "http-request tarpit". It's then used
in the deny code path to emit the proper error message, but is used
uninitialized when the deny comes from a "reqdeny" rule, causing random
behaviours ranging from returning a 200, an empty response, or crashing
the process. Often upon startup only 200 was returned but after the fields
are used the crash happens. This can be sped up using -dM.

There's no need at all for storing this status in the http_txn struct
anyway since it's used immediately after being set. Let's store it in
a temporary variable instead which is passed as an argument to function
http_req_get_intercept_rule().

As an extra benefit, removing it from struct http_txn reduced the size
of this struct by 8 bytes.

This fix must be backported to 1.6 where the bug was detected. Special
thanks to Falco Schmutz for his detailed report including an exploitable
core and a reproducer.
2016-05-25 16:23:59 +02:00
51d.c CLEANUP: uniformize last argument of malloc/calloc 2016-04-03 14:17:42 +02:00
acl.c MINOR: acl: Add predefined METH_DELETE, METH_PUT 2016-04-12 11:44:09 +02:00
applet.c MINOR: stream-int: rename si_applet_done() to si_applet_wake_cb() 2015-09-25 21:16:02 +02:00
arg.c MINOR: sample: Moves ARGS underlying type from 32 to 64 bits. 2016-03-15 22:11:52 +01:00
auth.c MINOR: samples: rename union from "data" to "u" 2015-08-20 17:13:46 +02:00
backend.c BUG/MAJOR: samples: check smp->strm before using it 2016-03-10 16:42:58 +01:00
base64.c [MINOR] add encode/decode function for 30-bit integers from/to base64 2010-10-30 19:04:33 +02:00
buffer.c BUG/MEDIUM: buffers: do not round up buffer size during allocation 2016-01-25 02:31:18 +01:00
cfgparse.c BUG/MINOR: fix listening IP address storage for frontends (cont) 2016-05-19 21:53:10 +02:00
channel.c BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers 2016-05-04 15:26:37 +02:00
checks.c MINOR: Add ability for agent-check to set server maxconn 2016-04-25 17:23:50 +02:00
chunk.c BUG/MEDIUM: chunks: always reject negative-length chunks 2016-02-25 16:24:14 +01:00
compression.c CLEANUP: uniformize last argument of malloc/calloc 2016-04-03 14:17:42 +02:00
connection.c BUG/MAJOR: fix listening IP address storage for frontends 2016-05-19 10:43:24 +02:00
da.c MINOR: da: Using ARG12 macro for the sample fetch and the convertor. 2016-03-17 05:44:33 +01:00
dns.c BUG/MEDIUM: dns: fix alignment issue when building DNS queries 2016-05-09 11:01:08 +02:00
dumpstats.c MINOR: stats: show stat resolvers missing in the help message 2016-05-06 12:28:43 +02:00
ev_epoll.c CLEANUP: poll: move the conditions for waiting out of the poll functions 2015-04-13 20:47:51 +02:00
ev_kqueue.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00
ev_poll.c CLEANUP: poll: move the conditions for waiting out of the poll functions 2015-04-13 20:47:51 +02:00
ev_select.c CLEANUP: poll: move the conditions for waiting out of the poll functions 2015-04-13 20:47:51 +02:00
fd.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00
filters.c MEDIUM: filters: Add pre and post analyzer callbacks 2016-05-18 15:11:54 +02:00
flt_http_comp.c MEDIUM: filters: Move HTTP headers filtering in its own callback 2016-05-18 15:11:54 +02:00
flt_trace.c MEDIUM: filters: Add pre and post analyzer callbacks 2016-05-18 15:11:54 +02:00
freq_ctr.c BUG/MINOR: time: frequency counters are not totally accurate 2012-12-29 21:50:07 +01:00
frontend.c MINOR: samples: rename union from "data" to "u" 2015-08-20 17:13:46 +02:00
haproxy-systemd-wrapper.c MINOR: systemd: ensure a reload doesn't mask a stop 2016-02-27 08:28:43 +01:00
haproxy.c BUG/MEDIUM: init: don't use environment locale 2016-05-19 07:19:19 +02:00
hash.c MINOR: hash: add new function hash_crc32 2015-01-20 19:48:05 +01:00
hdr_idx.c OPTIM/MINOR: move the hdr_idx pools out of the proxy struct 2011-10-24 18:15:04 +02:00
hlua.c BUG/MAJOR: fix listening IP address storage for frontends 2016-05-19 10:43:24 +02:00
hlua_fcn.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00
i386-linux-vsys.c MEDIUM: listener: add support for linux's accept4() syscall 2012-10-08 20:11:03 +02:00
lb_chash.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00
lb_fas.c REORG/MEDIUM: server: split server state and flags in two different variables 2014-05-22 11:27:00 +02:00
lb_fwlc.c REORG/MEDIUM: server: split server state and flags in two different variables 2014-05-22 11:27:00 +02:00
lb_fwrr.c REORG/MEDIUM: server: split server state and flags in two different variables 2014-05-22 11:27:00 +02:00
lb_map.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00
listener.c BUG/MINOR: listener: stop unbound listeners on startup 2016-04-14 12:05:02 +02:00
log.c MINOR: log: add the %Td log-format specifier 2016-05-17 18:04:30 +02:00
lru.c MINOR: lru: new function to delete <nb> least recently used keys 2016-01-11 07:31:35 +01:00
mailers.c MEDIUM: Add parsing of mailers section 2015-02-03 00:24:16 +01:00
map.c CLEANUP: map: Avoid memory leak in out-of-memory condition. 2016-03-08 12:55:06 +01:00
memory.c MEDIUM: pools: add a new flag to avoid rounding pool size up 2016-01-25 02:31:18 +01:00
namespace.c CLEANUP: uniformize last argument of malloc/calloc 2016-04-03 14:17:42 +02:00
pattern.c BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition 2016-03-13 07:47:25 +01:00
payload.c CLEANUP: payload: remove useless and confusing nullity checks for channel buffer 2016-03-10 17:28:04 +01:00
peers.c CLEANUP: uniformize last argument of malloc/calloc 2016-04-03 14:17:42 +02:00
pipe.c BUILD/MINOR: silent a build warning in src/pipe.c (fcntl) 2011-10-24 17:09:22 +02:00
proto_http.c BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes 2016-05-25 16:23:59 +02:00
proto_tcp.c BUG/MAJOR: fix listening IP address storage for frontends 2016-05-19 10:43:24 +02:00
proto_udp.c CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() 2016-04-14 11:18:22 +02:00
proto_uxst.c MINOR: unix: don't mention free ports on EAGAIN 2016-01-26 21:11:51 +01:00
protocol.c MEDIUM: protocol: use a family array to index the protocol handlers 2015-02-28 23:12:31 +01:00
proxy.c CLEANUP: uniformize last argument of malloc/calloc 2016-04-03 14:17:42 +02:00
queue.c REORG/MEDIUM: stream: rename stream flags from SN_* to SF_* 2015-04-06 11:23:57 +02:00
raw_sock.c BUG/MINOR: raw_sock: also consider ENOTCONN in addition to EAGAIN for recv() 2014-03-04 07:27:18 +01:00
rbtree.c [MINOR] imported the rbtree function from Linux kernel 2007-01-07 02:12:57 +01:00
regex.c CLEANUP: uniformize last argument of malloc/calloc 2016-04-03 14:17:42 +02:00
sample.c BUG/MEDIUM: sample: initialize the pointer before parse_binary call. 2016-04-12 11:08:24 +02:00
server.c MINOR: Add ability for agent-check to set server maxconn 2016-04-25 17:23:50 +02:00
session.c MAJOR: filters: Add filters support 2016-02-09 14:53:15 +01:00
shctx.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00
signal.c MEDIUM: unblock signals on startup. 2016-04-20 10:53:12 +02:00
ssl_sock.c BUG/MEDIUM: ssl: rewind the BIO when reading certificates 2016-04-06 19:02:38 +02:00
standard.c MINOR: add list_append_word function 2016-05-14 00:00:54 +02:00
stick_table.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00
stream.c MEDIUM: filters: Add pre and post analyzer callbacks 2016-05-18 15:11:54 +02:00
stream_interface.c BUG/MEDIUM: stream-int: avoid double-call to applet->release 2015-09-25 21:16:03 +02:00
task.c REORG/MAJOR: session: rename the "session" entity to "stream" 2015-04-06 11:23:56 +02:00
time.c BUG/MINOR: time: frequency counters are not totally accurate 2012-12-29 21:50:07 +01:00
trace.c BUG/MEDIUM: trace.c: rdtsc() is defined in two files 2016-04-09 22:27:01 +02:00
uri_auth.c CLEANUP: uniformize last argument of malloc/calloc 2016-04-03 14:17:42 +02:00
vars.c BUG/MAJOR: vars: always retrieve the stream and session from the sample 2016-03-10 17:28:04 +01:00
xxhash.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00