upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-20 16:30:21 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 12
haproxy/include/types
History
Willy Tarreau 58727ec088 BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes 
Commit 108b1dd ("MEDIUM: http: configurable http result codes for
http-request deny") introduced in 1.6-dev2 was incomplete. It introduced
a new field "rule_deny_status" into struct http_txn, which is filled only
by actions "http-request deny" and "http-request tarpit". It's then used
in the deny code path to emit the proper error message, but is used
uninitialized when the deny comes from a "reqdeny" rule, causing random
behaviours ranging from returning a 200, an empty response, or crashing
the process. Often upon startup only 200 was returned but after the fields
are used the crash happens. This can be sped up using -dM.

There's no need at all for storing this status in the http_txn struct
anyway since it's used immediately after being set. Let's store it in
a temporary variable instead which is passed as an argument to function
http_req_get_intercept_rule().

As an extra benefit, removing it from struct http_txn reduced the size
of this struct by 8 bytes.

This fix must be backported to 1.6 where the bug was detected. Special
thanks to Falco Schmutz for his detailed report including an exploitable
core and a reproducer.
2016-05-25 16:23:59 +02:00
..
acl.h REORG/MAJOR: session: rename the "session" entity to "stream" 2015-04-06 11:23:56 +02:00
action.h MINOR: stream/applet: add use-service action 2015-09-28 01:03:48 +02:00
applet.h BUG/MEDIUM: stats: show backend may show an empty or incomplete result 2016-05-06 12:28:43 +02:00
arg.h MINOR: sample: Moves ARGS underlying type from 32 to 64 bits. 2016-03-15 22:11:52 +01:00
auth.h MAJOR: auth: Change the internal authentication system. 2014-03-17 18:06:06 +01:00
backend.h MEDIUM: backend: add the crc32 hash algorithm for load balancing 2015-01-20 19:48:14 +01:00
capture.h MINOR: capture: extend the captures to support non-header keys 2014-06-13 16:32:48 +02:00
channel.h MEDIUM: filters: Add pre and post analyzer callbacks 2016-05-18 15:11:54 +02:00
checks.h MINOR: check: add agent-send server parameter 2015-11-04 07:26:51 +01:00
compression.h MAJOR: filters/http: Rewrite the HTTP compression as a filter 2016-02-09 14:53:15 +01:00
connection.h MAJOR: tproxy: remove support for cttproxy 2015-08-20 19:35:14 +02:00
counters.h MEDIUM: session: maintain per-backend and per-server time statistics 2014-06-17 17:15:56 +02:00
dns.h BUG/MINOR: dns: fix DNS header definition 2016-05-09 11:01:08 +02:00
fd.h CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() 2016-04-14 11:18:22 +02:00
filters.h MEDIUM: filters: Add pre and post analyzer callbacks 2016-05-18 15:11:54 +02:00
freq_ctr.h [MINOR] freq_ctr: add new types and functions for periods different from 1s 2010-08-10 14:01:09 +02:00
global.h BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced 2015-12-14 13:03:09 +01:00
hdr_idx.h [BUG] files were missing for hdr_idx in previous commit 2006-12-04 02:20:02 +01:00
hlua.h MINOR: lua: add class listener 2016-03-30 18:43:47 +02:00
lb_chash.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_fas.h MEDIUM: backend: add the 'first' balancing algorithm 2012-02-21 22:27:27 +01:00
lb_fwlc.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_fwrr.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_map.h [CLEANUP] proxy: move last lb-specific bits to their respective files 2009-10-03 18:41:18 +02:00
listener.h MEDIUM: ssl: Add options to forge SSL certificates 2015-06-12 18:06:59 +02:00
log.h MINOR: log: add the %Td log-format specifier 2016-05-17 18:04:30 +02:00
mailers.h MINOR: mailers: make it possible to configure the connection timeout 2016-02-20 15:33:06 +01:00
map.h CLEANUP: map: it seems that the map were planed to be chained 2016-03-30 15:41:15 +02:00
obj_type.h CLEANUP: applet: rename struct si_applet to applet 2015-04-23 17:56:16 +02:00
pattern.h MINOR: map: Add regex matching replacement 2016-02-10 23:38:34 +01:00
peers.h CLEANUP: proxy: remove last references to appsession 2015-08-10 19:42:30 +02:00
pipe.h [MEDIUM] introduce pipe pools 2009-01-25 13:49:53 +01:00
port_range.h [MEDIUM] add support for binding to source port ranges during connect 2009-06-10 12:23:32 +02:00
proto_http.h BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes 2016-05-25 16:23:59 +02:00
proto_udp.h MEDIUM: protocol: add minimalist UDP protocol client 2015-06-13 22:07:35 +02:00
protocol.h CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() 2016-04-14 11:18:22 +02:00
proxy.h MEDIUM: proxy: use dynamic allocation for error dumps 2016-03-31 13:49:23 +02:00
queue.h REORG/MAJOR: session: rename the "session" entity to "stream" 2015-04-06 11:23:56 +02:00
sample.h MINOR: sample: Moves ARGS underlying type from 32 to 64 bits. 2016-03-15 22:11:52 +01:00
server.h MEDIUM: dns: add a "resolve-net" option which allow to prefer an ip in a network 2016-02-19 14:37:49 +01:00
session.h MEDIUM: vars: move the session variables to the session, not the stream 2015-06-19 11:59:02 +02:00
signal.h [MEDIUM] signals: add support for registering functions and tasks 2010-08-27 18:00:40 +02:00
ssl_sock.h MEDIUM: Add support for updating TLS ticket keys via socket 2015-05-16 11:28:04 +02:00
stick_table.h MEDIUM: stick-tables: Add GPT0 in the stick tables 2015-08-20 17:13:47 +02:00
stream.h MINOR: filters: Add stream_filters structure to hide filters info 2016-02-09 14:53:15 +01:00
stream_interface.h MINOR: stream-int: add two flags to indicate an applet's wishes regarding I/O 2015-04-23 17:56:17 +02:00
task.h DIET/MINOR: task: reduce struct task size by 8 bytes 2013-12-09 16:06:22 +01:00
template.h [CLEANUP] included common/version.h everywhere 2006-06-29 18:54:54 +02:00
vars.h MINOR: samples: rename a struct from sample_storage to sample_data 2015-08-20 17:13:46 +02:00