upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-03-27 21:06:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 13
haproxy/src
History
Christopher Faulet 9d9d645409 BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered 
If an client error is reported on the request channel (CF_READ_ERROR) while a
session is tarpitted, no error is returned to the client. Concretly,
http_reply_and_close() function is not called. This function is reponsible to
forward the error to the client. But not only. It is also responsible to abort
the request. Because this function is not called when a read error is reported
on the request channel, and because the tarpit analyzer is the last one, there
is nothing preventing a connection attempt on a server while it is totally
unexpected.

So, a useless connexion on a backend server may be performed because of this
bug. If an HTTP load-balancing algorithm is used on the backend side, it leads
to a crash of HAProxy because the request was already erased.

If you have tarpit rules and if you use an HTTP load-balancing algorithm on your
backends, you must apply this patch. Otherwise a simple TCP reset on a tarpitted
connexion will most likely crash your HAProxy. A safe workaround is to use a
silent-drop rule or a deny rule instead of a tarpit.

This bug also affect the legacy code. It is in fact an very old hidden bug. But
the refactoring of process_stream() in the 1.9 makes it visible. And,
unfortunately, with the HTX, it is easier to hit it because many processing has
been moved in lower layers, in the muxes.

It must be backported as far as 1.9. For the 2.0 and the 1.9, the legacy HTTP
code must also be patched the same way. For older versions, it may be backported
but the bug seems to not impact them.

Thanks to Olivier D <webmaster@ajeux.com> to have reported the bug and provided
all the infos to analyze it.
2020-02-21 11:18:08 +01:00
..
51d.c BUG/MINOR: 51d: Fix bug when HTX is enabled 2020-01-20 14:01:52 +01:00
acl.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
action.c MINOR: tcp-rules: Make tcp-request capture a custom action 2020-01-20 15:18:45 +01:00
activity.c CLEANUP: cli: replace all occurrences of manual handling of return messages 2019-08-09 11:26:10 +02:00
applet.c BUG/MEDIUM: applet: always check a fast running applet's activity before killing 2019-10-11 16:05:57 +02:00
arg.c BUG/MINOR: arg: fix again incorrect argument length check 2020-02-16 10:49:55 +01:00
auth.c BUILD/MINOR: auth: enabling for osx 2019-09-08 12:20:13 +02:00
backend.c BUG/MEDIUM: connections: Don't forget to unlock when killing a connection. 2020-01-31 17:25:37 +01:00
base64.c BUG/MINOR: base64: dec func ignores padding for output size checking 2019-01-14 19:32:15 +01:00
buffer.c MEDIUM: memory: use pool_destroy_all() to destroy all pools on deinit() 2018-11-26 19:50:32 +01:00
cache.c BUG/MINOR: cache: Fix leak of cache name in error path 2020-01-18 06:45:54 +01:00
calltrace.c REORG: trace: rename trace.c to calltrace.c and mention it's not thread-safe 2019-08-22 20:21:00 +02:00
cfgparse-global.c MEDIUM: init: set NO_NEW_PRIVS by default when supported 2019-12-06 17:20:26 +01:00
cfgparse-listen.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
cfgparse.c MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding 2020-02-06 14:55:34 +01:00
channel.c BUG/MINOR: channel: inject output data at the end of output 2020-01-07 10:51:15 +01:00
checks.c BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack 2020-01-24 17:52:37 +01:00
chunk.c Revert "MINOR: chunks: Make sure trash_size is only set once." 2019-06-07 15:37:47 +02:00
cli.c CLEANUP: cli: deduplicate the code in _getsocks 2020-01-16 16:26:41 +01:00
compression.c MINOR: time: move the cpu, mono, and idle time to thread_info 2019-05-20 21:14:14 +02:00
connection.c BUG/MINOR: connection: correctly retry I/O on signals 2020-02-11 10:26:39 +01:00
da.c REORG: proto_htx: Move HTX analyzers & co to http_ana.{c,h} files 2019-07-19 09:24:12 +02:00
debug.c MEDIUM: tasks: implement 3 different tasklet classes with their own queues 2020-01-30 18:59:33 +01:00
dict.c BUG/MINOR: dict: race condition fix when inserting dictionary entries. 2019-06-11 09:54:12 +02:00
dns.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
ev_epoll.c OPTIM: epoll: always poll for recv if neither active nor ready 2019-12-27 16:38:47 +01:00
ev_evports.c MINOR: pollers: add a new flag to indicate pollers reporting ERR & HUP 2019-12-27 14:04:33 +01:00
ev_kqueue.c MINOR: pollers: add a new flag to indicate pollers reporting ERR & HUP 2019-12-27 14:04:33 +01:00
ev_poll.c MINOR: pollers: add a new flag to indicate pollers reporting ERR & HUP 2019-12-27 14:04:33 +01:00
ev_select.c MEDIUM: fd: do not use the FD_POLL_* flags in the pollers anymore 2019-09-06 19:09:56 +02:00
fcgi-app.c BUG/MINOR: acl: Fix type of log message when an acl is named 'or' 2020-02-06 22:16:07 +01:00
fcgi.c MINOR: fcgi: Add code related to FCGI protocol 2019-09-17 10:18:54 +02:00
fd.c BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd 2019-12-20 08:09:28 +01:00
filters.c BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them 2020-02-18 11:19:57 +01:00
flt_http_comp.c CLEANUP: compression: remove unused deinit_comp_ctx section 2020-01-15 10:58:17 +01:00
flt_spoe.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
flt_trace.c MEDIUM: filters: Adapt filters API to allow again TCP filtering on HTX streams 2019-11-15 13:43:08 +01:00
freq_ctr.c BUG/MAJOR: threads/freq_ctr: use a memory barrier to detect changes 2017-10-31 18:01:18 +01:00
frontend.c MINOR: frontend: switch from conn->addr.{from,to} to conn->{src,dst} 2019-07-19 13:50:09 +02:00
h1.c BUG/MINOR: h1: Report the right error position when a header value is invalid 2020-01-06 13:58:21 +01:00
h1_htx.c MEDIUM: h1-htx: Add HTX EOM block when the message is in H1_MSG_DONE state 2019-12-11 16:46:16 +01:00
h2.c BUG/MAJOR: h2: make header field name filtering stronger 2019-11-25 11:11:32 +01:00
haproxy.c MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding 2020-02-06 14:55:34 +01:00
hash.c BUG/MAJOR: hashes: fix the signedness of the hash inputs 2020-01-16 08:23:42 +01:00
hathreads.c BUILD/MEDIUM: threads: rename thread_info struct to ha_thread_info 2019-10-17 07:15:17 +02:00
hlua.c BUILD: lua: silence a warning on systems where longjmp is not marked as noreturn 2020-02-06 16:01:04 +01:00
hlua_fcn.c MEDIUM: cli: Allow multiple filter entries for "show table" 2020-01-22 14:33:17 +01:00
hpack-dec.c CLEANUP: hpack: remove a redundant test in the decoder 2020-02-05 15:39:08 +01:00
hpack-enc.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
hpack-huff.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
hpack-tbl.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
http.c MINOR: http: Add 404 to http-request deny 2020-01-08 16:15:23 +01:00
http_acl.c MEDIUM: init: convert all trivial registration calls to initcalls 2018-11-26 19:50:32 +01:00
http_act.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
http_ana.c BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered 2020-02-21 11:18:08 +01:00
http_conv.c MINOR: sample: add us/ms support to date/http_date 2019-10-31 08:47:31 +01:00
http_fetch.c CLEANUP: h1-htx: Move htx-to-h1 formatting functions from htx.c to h1_htx.c 2019-10-14 22:28:50 +02:00
http_htx.c BUG/MINOR: http-htx: Don't return error if authority is updated without changes 2020-02-18 11:19:57 +01:00
http_rules.c MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding 2020-02-06 14:55:34 +01:00
htx.c MINOR: htx: Add a function to append an HTX message to another one 2020-02-06 14:54:47 +01:00
i386-linux-vsys.c MEDIUM: listener: add support for linux's accept4() syscall 2012-10-08 20:11:03 +02:00
lb_chash.c BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased 2019-08-01 11:35:29 +02:00
lb_fas.c BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock 2019-07-05 14:26:15 +02:00
lb_fwlc.c BUG/MINOR: lb/leastconn: ignore the server weights for empty servers 2019-09-06 17:13:44 +02:00
lb_fwrr.c BUG/MAJOR: lb/threads: make sure the avoided server is not full on second pass 2019-05-27 10:29:59 +02:00
lb_map.c MEDIUM: lb/threads: Use the new _HA_ATOMIC_* macros. 2019-03-11 17:02:38 +01:00
listener.c BUG/MEDIUM: listener: only consider running threads when resuming listeners 2020-02-12 10:21:33 +01:00
log.c MEDIUM: log-format: make the LF parser aware of sample expressions' end 2020-02-14 19:02:06 +01:00
lru.c MINOR: lru: new function to delete <nb> least recently used keys 2016-01-11 07:31:35 +01:00
mailers.c MEDIUM: Add parsing of mailers section 2015-02-03 00:24:16 +01:00
map.c CLEANUP: cli: replace all occurrences of manual handling of return messages 2019-08-09 11:26:10 +02:00
memory.c BUG/MEDIUM: memory: Add a rwlock before freeing memory. 2020-02-01 18:08:34 +01:00
mux_fcgi.c MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex 2020-02-14 18:31:29 +01:00
mux_h1.c BUG/MEDIUM: muxes: Use the right argument when calling the destroy method. 2020-02-14 13:28:38 +01:00
mux_h2.c BUG/MEDIUM: muxes: Use the right argument when calling the destroy method. 2020-02-14 13:28:38 +01:00
mux_pt.c MINOR: connection: remove checks for CO_FL_HANDSHAKE before I/O 2020-01-23 17:30:42 +01:00
mworker-prog.c MEDIUM: mworker-prog: Add user/group options to program section 2019-07-15 16:43:16 +02:00
mworker.c BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers 2019-12-11 14:26:53 +01:00
namespace.c BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat 2020-02-14 04:23:08 +01:00
pattern.c BUILD: pattern: include errno.h 2020-01-17 18:30:06 +01:00
payload.c REORG: proto_htx: Move HTX analyzers & co to http_ana.{c,h} files 2019-07-19 09:24:12 +02:00
peers.c CLEANUP: peers: Remove unused static function free_dcache_tx 2020-02-05 23:40:17 +01:00
pipe.c BUG/MEDIUM: pipe/thread: fix atomicity of pipe counters 2020-01-30 09:15:37 +01:00
proto_sockpair.c BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init 2020-02-12 10:21:49 +01:00
proto_tcp.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
proto_udp.c BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive. 2019-12-10 19:09:15 +01:00
proto_uxst.c BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init 2020-02-12 10:21:49 +01:00
protocol.c BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff 2019-07-24 16:45:02 +02:00
proxy.c MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding 2020-02-06 14:55:34 +01:00
queue.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
raw_sock.c MEDIUM: raw-sock: remove obsolete calls to fd_{cant,cond,done}_{send,recv} 2020-01-28 19:06:41 +01:00
regex.c MEDIUM: regex: modify regex_comp() to atomically allocate/free the my_regex struct 2019-05-07 06:58:15 +02:00
ring.c MINOR: ring: make the parse function automatically set the handler/release 2019-11-15 15:48:12 +01:00
sample.c BUG/MINOR: sample: exit regsub() in case of trash allocation error 2020-02-18 14:27:44 +01:00
server.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
session.c MEDIUM: connection: use CO_FL_WAIT_XPRT more consistently than L4/L6/HANDSHAKE 2020-01-23 16:34:26 +01:00
sha1.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00
shctx.c CLEANUP: Fix typos in the shctx subsystem 2018-12-02 18:40:29 +01:00
signal.c CLEANUP: Fix a typo in the signal subsystem 2018-12-02 18:39:52 +01:00
sink.c MINOR: ring: make the parse function automatically set the handler/release 2019-11-15 15:48:12 +01:00
ssl_sock.c BUG/MINOR: ssl: Stop passing dynamic strings as format arguments 2020-02-19 11:46:18 +01:00
standard.c BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit 2020-02-11 06:49:42 +01:00
stats.c CLEANUP: stats: shut up a wrong null-deref warning from gcc 9.2 2020-01-23 11:49:02 +01:00
stick_table.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
stream.c BUG/MINOR: stream: Don't incr frontend cum_req counter when stream is closed 2020-02-18 11:56:22 +01:00
stream_interface.c MINOR: connection: remove some unneeded checks for CO_FL_SOCK_WR_SH 2020-01-23 19:01:37 +01:00
task.c MINOR: task: don't set TASK_RUNNING on tasklets 2020-01-31 18:37:03 +01:00
tcp_rules.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
time.c MINOR: time: add timeofday_as_iso_us() to return instant time as ISO 2019-09-26 08:13:38 +02:00
trace.c BUG/MEDIUM: trace: fix a typo causing an incorrect startup error 2019-11-25 19:47:22 +01:00
uri_auth.c MINOR: stats: replace the ST_* uri_auth flags with STAT_* 2019-10-10 11:30:07 +02:00
vars.c MINOR: sample: make sample_parse_expr() able to return an end pointer 2020-02-14 19:02:06 +01:00
version.c MINOR: version: make the version strings variables, not constants 2019-10-16 09:56:57 +02:00
wdt.c BUILD/MEDIUM: threads: rename thread_info struct to ha_thread_info 2019-10-17 07:15:17 +02:00
wurfl.c BUG/MINOR: WURFL: fix send_log() function arguments 2019-10-15 10:47:31 +02:00
xprt_handshake.c MINOR: connection: remove CO_FL_SSL_WAIT_HS from CO_FL_HANDSHAKE 2020-01-23 16:34:26 +01:00
xxhash.c BUILD: use inttypes.h instead of stdint.h 2019-04-01 07:44:56 +02:00