upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-03 20:39:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/src
History
Willy Tarreau b83dc3d2ef MEDIUM: config: don't check config validity when there are fatal errors 
Overall we do have an issue with the severity of a number of errors. Most
fatal errors are reported with ERR_FATAL (which prevents startup) and not
ERR_ABORT (which stops parsing ASAP), but check_config_validity() is still
called on ERR_FATAL, and will most of the time report bogus errors. This
is what caused smp_resolve_args() to be called on a number of unparsable
ACLs, and it also is what reports incorrect ordering or unresolvable
section names when certain entries could not be properly parsed.

This patch stops this domino effect by simply aborting before trying to
further check and resolve the configuration when it's already know that
there are fatal errors.

A concrete example comes from this config :

  userlist users :
      user foo insecure-password bar

  listen foo
      bind :1234
      mode htttp
      timeout client 10S
      timeout server 10s
      timeout connect 10s
      stats uri /stats
      stats http-request auth unless { http_auth(users) }
      http-request redirect location /index.html if { path / }

It contains a colon after the userlist name, a typo in the client timeout value,
another one in "mode http" which cause some other configuration elements not to
be properly handled.

Previously it would confusingly report :

  [ALERT] 108/114851 (20224) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'.
  [ALERT] 108/114851 (20224) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'.
  [ALERT] 108/114851 (20224) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client'
  [ALERT] 108/114851 (20224) : Error(s) found in configuration file : err-report.cfg
  [ALERT] 108/114851 (20224) : parsing [err-report.cfg:11] : unable to find userlist 'users' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'foo'.
  [WARNING] 108/114851 (20224) : config : missing timeouts for proxy 'foo'.
     | While not properly invalid, you will certainly encounter various problems
     | with such a configuration. To fix this, please ensure that all following
     | timeouts are set to a non-zero value: 'client', 'connect', 'server'.
  [WARNING] 108/114851 (20224) : config : 'stats' statement ignored for proxy 'foo' as it requires HTTP mode.
  [WARNING] 108/114851 (20224) : config : 'http-request' rules ignored for proxy 'foo' as they require HTTP mode.
  [ALERT] 108/114851 (20224) : Fatal errors found in configuration.

The "requires HTTP mode" errors are just pollution resulting from the
improper spelling of this mode earlier. The unresolved reference to the
userlist is caused by the extra colon on the declaration, and the warning
regarding the missing timeouts is caused by the wrong character.

Now it more accurately reports :

  [ALERT] 108/114900 (20225) : parsing [err-report.cfg:1] : 'userlist' cannot handle unexpected argument ':'.
  [ALERT] 108/114900 (20225) : parsing [err-report.cfg:6] : unknown proxy mode 'htttp'.
  [ALERT] 108/114900 (20225) : parsing [err-report.cfg:7] : unexpected character 'S' in 'timeout client'
  [ALERT] 108/114900 (20225) : Error(s) found in configuration file : err-report.cfg
  [ALERT] 108/114900 (20225) : Fatal errors found in configuration.

Despite not really a fix, this patch should be backported at least to 1.7,
possibly even 1.6, and 1.5 since it hardens the config parser against
certain bad situations like the recently reported use-after-free and the
last null dereference.
2017-04-19 11:49:11 +02:00
..
51d.c CLEANUP: 51d: move global settings out of the global section 2016-12-21 21:30:54 +01:00
acl.c BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr() 2017-04-19 11:31:44 +02:00
applet.c BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled 2016-12-12 19:11:04 +01:00
arg.c BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error 2017-04-13 12:20:52 +02:00
auth.c CLEANUP: auth: use the build options list to report its support 2016-12-21 21:30:54 +01:00
backend.c CLEANUP: Replace repeated code to count usable servers with be_usable_srv() 2017-03-13 18:26:05 +01:00
base64.c [MINOR] add encode/decode function for 30-bit integers from/to base64 2010-10-30 19:04:33 +02:00
buffer.c CLEANUP: buffers: Remove buffer_bounce_realign function 2017-03-31 14:38:22 +02:00
cfgparse.c MINOR: proxy: Don't close FDs if not our proxy. 2017-04-13 19:15:17 +02:00
channel.c BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers 2017-03-31 14:36:04 +02:00
checks.c MINOR: server: Add 'no-agent-check' server keyword. 2017-03-27 14:37:01 +02:00
chunk.c MINOR: chunks: implement a simple dynamic allocator for trash buffers 2017-02-08 11:16:29 +01:00
cli.c MINOR: socket transfer: Set a timeout on the socket. 2017-04-13 19:15:17 +02:00
compression.c MINOR: compression: fix -vv output without zlib/slz 2017-01-11 16:11:11 +01:00
connection.c MEDIUM: connection: don't test for CO_FL_WAKE_DATA 2017-03-19 12:17:35 +01:00
da.c CLEANUP: da: move global settings out of the global section 2016-12-21 21:30:54 +01:00
dns.c BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets. 2017-04-11 20:02:21 +02:00
ev_epoll.c MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller 2017-03-21 16:30:35 +01:00
ev_kqueue.c MEDIUM: kqueue: only set FD_POLL_IN when there are pending data 2017-03-21 16:35:17 +01:00
ev_poll.c OPTIM: poll: enable support for POLLRDHUP 2017-03-21 16:30:44 +01:00
ev_select.c MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller 2017-03-21 16:30:35 +01:00
fd.c MINOR: proxy: Don't close FDs if not our proxy. 2017-04-13 19:15:17 +02:00
filters.c BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze 2017-03-31 14:40:45 +02:00
flt_http_comp.c OPTIM: http: move all http character classs tables into a single one 2016-11-05 15:58:08 +01:00
flt_spoe.c MINOR: spoe: Add "max-frame-size" statement in spoe-agent section 2017-03-09 15:32:56 +01:00
flt_trace.c MINOR: filters: Add check_timeouts callback to handle timers expiration on streams 2016-11-21 15:29:58 +01:00
freq_ctr.c BUG/MINOR: time: frequency counters are not totally accurate 2012-12-29 21:50:07 +01:00
frontend.c MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id 2016-12-12 15:10:43 +01:00
haproxy-systemd-wrapper.c MINOR: systemd wrapper: add support for passing the -x option. 2017-04-13 19:15:17 +02:00
haproxy.c MEDIUM: config: don't check config validity when there are fatal errors 2017-04-19 11:49:11 +02:00
hash.c MINOR: hash: add new function hash_crc32 2015-01-20 19:48:05 +01:00
hdr_idx.c OPTIM/MINOR: move the hdr_idx pools out of the proxy struct 2011-10-24 18:15:04 +02:00
hlua.c MINOR: lua: ensure the memory allocator is used all the time 2017-04-13 17:10:15 +02:00
hlua_fcn.c BUILD: lua: build failed on FreeBSD. 2016-12-23 18:03:43 +01:00
i386-linux-vsys.c MEDIUM: listener: add support for linux's accept4() syscall 2012-10-08 20:11:03 +02:00
lb_chash.c MEDIUM: server: Implement bounded-load hash algorithm 2016-10-25 20:21:32 +02:00
lb_fas.c REORG/MEDIUM: server: split server state and flags in two different variables 2014-05-22 11:27:00 +02:00
lb_fwlc.c REORG/MEDIUM: server: split server state and flags in two different variables 2014-05-22 11:27:00 +02:00
lb_fwrr.c REORG/MEDIUM: server: split server state and flags in two different variables 2014-05-22 11:27:00 +02:00
lb_map.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00
listener.c MINOR: proxy: Don't close FDs if not our proxy. 2017-04-13 19:15:17 +02:00
log.c CLEANUP: logs: typo: simgle => single 2017-04-18 14:52:07 +02:00
lru.c MINOR: lru: new function to delete <nb> least recently used keys 2016-01-11 07:31:35 +01:00
mailers.c MEDIUM: Add parsing of mailers section 2015-02-03 00:24:16 +01:00
map.c BUG/MINOR: Fix "get map <map> <value>" CLI command 2017-03-13 18:25:53 +01:00
memory.c CLEANUP: memory: remove the now unused cli_parse_show_pools() function 2016-12-16 19:40:13 +01:00
namespace.c CLEANUP: namespaces: use the build options list to report it 2016-12-21 21:30:54 +01:00
pattern.c BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition 2016-03-13 07:47:25 +01:00
payload.c BUG: payload: fix payload not retrieving arbitrary lengths 2017-03-20 07:25:37 +01:00
peers.c BUG/MEDIUM: peers: fix buffer overflow control in intdecode. 2017-03-30 12:12:46 +02:00
pipe.c BUILD/MINOR: silent a build warning in src/pipe.c (fcntl) 2011-10-24 17:09:22 +02:00
proto_http.c BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled 2017-03-31 14:40:42 +02:00
proto_tcp.c MINOR: tcp: When binding socket, attempt to reuse one from the old proc. 2017-04-13 19:15:17 +02:00
proto_udp.c CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept() 2016-04-14 11:18:22 +02:00
proto_uxst.c MINOR: cli: Add a command to send listening sockets. 2017-04-13 19:15:17 +02:00
protocol.c BUILD: protocol: fix some build errors on OpenBSD 2016-08-10 19:31:58 +02:00
proxy.c MINOR: proxy: Don't close FDs if not our proxy. 2017-04-13 19:15:17 +02:00
queue.c MINOR: proxy: add 'served' field to proxy, equal to total of all servers' 2016-10-25 20:21:32 +02:00
raw_sock.c BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available 2017-03-21 16:30:44 +01:00
rbtree.c [MINOR] imported the rbtree function from Linux kernel 2007-01-07 02:12:57 +01:00
regex.c MEDIUM: regex: pcre2 support 2016-12-28 12:51:51 +01:00
sample.c CLEANUP: Remove comment that's no longer valid 2017-03-13 18:26:05 +01:00
server.c BUG/MAJOR: Broken parsing for valid keywords provided after 'source' setting. 2017-04-16 18:13:06 +02:00
session.c CLEANUP: connection: completely remove CO_FL_WAKE_DATA 2017-03-19 12:18:27 +01:00
shctx.c MEDIUM: ssl: Add support for OpenSSL 1.1.0 2016-11-08 20:54:41 +01:00
signal.c MEDIUM: unblock signals on startup. 2016-04-20 10:53:12 +02:00
ssl_sock.c MINOR: server: Make 'default-server' support 'sni' keyword. 2017-03-27 14:37:01 +02:00
standard.c BUILD/MINOR: tools: fix build warning in debug_hexdump() 2017-04-11 08:01:17 +02:00
stats.c BUILD/MINOR: stats: remove unexpected argument to stats_dump_json_header() 2017-04-11 07:54:45 +02:00
stick_table.c BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0 2017-01-05 16:04:05 +01:00
stream.c BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request 2017-03-31 14:36:20 +02:00
stream_interface.c BUG/MEDIUM: stream: fix client-fin/server-fin handling 2017-03-21 15:04:43 +01:00
task.c MINOR: task: Rename run_queue and run_queue_cur counters 2016-12-12 19:10:54 +01:00
tcp_rules.c MINOR: tcp-rules: check that the listener exists before updating its counters 2016-12-22 23:26:37 +01:00
time.c CLEANUP: time: curr_sec_ms doesn't need to be exported 2017-03-29 15:24:33 +02:00
trace.c BUG/MEDIUM: trace.c: rdtsc() is defined in two files 2016-04-09 22:27:01 +02:00
uri_auth.c CLEANUP: uniformize last argument of malloc/calloc 2016-04-03 14:17:42 +02:00
vars.c BUG/MEDIUM: variables: some variable name can hide another ones 2016-12-12 14:34:56 +01:00
wurfl.c CLEANUP: wurfl: move global settings out of the global section 2016-12-21 21:30:54 +01:00
xxhash.c CLEANUP: remove unneeded casts 2016-04-03 14:17:42 +02:00