1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
commit ff9be052e36d427df467b4a9b2f0a9b79af481a4
Author: Christopher Faulet <cfaulet@haproxy.com>
Date: Tue Dec 17 11:25:46 2019 +0100
BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
Functions to deinitialize the HTTP rules are buggy. These functions does not
check the action name to release the right part in the arg union. Only few info
are released. For auth rules, the realm is released and there is no problem
here. But the regex <arg.hdr_add.re> is always unconditionally released. So it
is easy to make these functions crash. For instance, with the following rule
HAProxy crashes during the deinit :
http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)]
For now, These functions are simply removed and we rely on the deinit function
used for TCP rules (renamed as deinit_act_rules()). This patch fixes the
bug. But arguments used by actions are not released at all, this part will be
addressed later.
This patch must be backported to all stable versions.
(cherry picked from commit cb5501327c7ece8a9b5b07c9a839419e45d9ee4a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/include/proto/http_rules.h b/include/proto/http_rules.h
index 5e03dd813..608ca5760 100644
--- a/include/proto/http_rules.h
+++ b/include/proto/http_rules.h
@@ -32,8 +32,6 @@ extern struct action_kw_list http_res_keywords;
struct act_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
struct act_rule *parse_http_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
-void free_http_req_rules(struct list *r);
-void free_http_res_rules(struct list *r);
struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, struct proxy *curproxy,
const char **args, char **errmsg, int use_fmt, int dir);
diff --git a/src/haproxy.c b/src/haproxy.c
index a66a184dc..f225a13f8 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2300,14 +2300,14 @@ static void deinit_acl_cond(struct acl_cond *cond)
free(cond);
}
-static void deinit_tcp_rules(struct list *rules)
+static void deinit_act_rules(struct list *rules)
{
- struct act_rule *trule, *truleb;
+ struct act_rule *rule, *ruleb;
- list_for_each_entry_safe(trule, truleb, rules, list) {
- LIST_DEL(&trule->list);
- deinit_acl_cond(trule->cond);
- free(trule);
+ list_for_each_entry_safe(rule, ruleb, rules, list) {
+ LIST_DEL(&rule->list);
+ deinit_acl_cond(rule->cond);
+ free(rule);
}
}
@@ -2452,9 +2452,12 @@ void deinit(void)
free(lf);
}
- deinit_tcp_rules(&p->tcp_req.inspect_rules);
- deinit_tcp_rules(&p->tcp_rep.inspect_rules);
- deinit_tcp_rules(&p->tcp_req.l4_rules);
+ deinit_act_rules(&p->tcp_req.inspect_rules);
+ deinit_act_rules(&p->tcp_rep.inspect_rules);
+ deinit_act_rules(&p->tcp_req.l4_rules);
+ deinit_act_rules(&p->tcp_req.l5_rules);
+ deinit_act_rules(&p->http_req_rules);
+ deinit_act_rules(&p->http_res_rules);
deinit_stick_rules(&p->storersp_rules);
deinit_stick_rules(&p->sticking_rules);
@@ -2556,8 +2559,6 @@ void deinit(void)
free(p->desc);
free(p->fwdfor_hdr_name);
- free_http_req_rules(&p->http_req_rules);
- free_http_res_rules(&p->http_res_rules);
task_destroy(p->task);
pool_destroy(p->req_cap_pool);
@@ -2582,7 +2583,7 @@ void deinit(void)
free(uap->desc);
userlist_free(uap->userlist);
- free_http_req_rules(&uap->http_req_rules);
+ deinit_act_rules(&uap->http_req_rules);
free(uap);
}
diff --git a/src/http_rules.c b/src/http_rules.c
index b790c5ffe..aad771466 100644
--- a/src/http_rules.c
+++ b/src/http_rules.c
@@ -1186,31 +1186,6 @@ struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, st
return NULL;
}
-void free_http_res_rules(struct list *r)
-{
- struct act_rule *tr, *pr;
-
- list_for_each_entry_safe(pr, tr, r, list) {
- LIST_DEL(&pr->list);
- regex_free(pr->arg.hdr_add.re);
- free(pr);
- }
-}
-
-void free_http_req_rules(struct list *r)
-{
- struct act_rule *tr, *pr;
-
- list_for_each_entry_safe(pr, tr, r, list) {
- LIST_DEL(&pr->list);
- if (pr->action == ACT_HTTP_REQ_AUTH)
- free(pr->arg.auth.realm);
-
- regex_free(pr->arg.hdr_add.re);
- free(pr);
- }
-}
-
__attribute__((constructor))
static void __http_rules_init(void)
{
|