mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-26 06:32:13 +00:00
BUG/MINOR: hlua: unsafe hlua_lua2smp() usage
Fixing hlua_lua2smp() usage in hlua's code since it was assumed that hlua_lua2smp() makes a standalone smp out of lua data, but it is not the case. This is especially true when dealing with lua strings (string is extracted using lua_tolstring() which returns a pointer to lua string memory location that may be reclaimed by lua at any time when no longer used from lua's point of view). Thus, smp generated by hlua_lua2smp() may only be used from the lua context where the call was initially made, else it should be explicitly duplicated before exporting it out of lua's context to ensure safe (standalone) usage. This should be backported to all stable versions.
This commit is contained in:
parent
a3624cb528
commit
1c07da4b48
20
src/hlua.c
20
src/hlua.c
@ -4689,7 +4689,9 @@ __LJMP static int hlua_applet_tcp_set_var(lua_State *L)
|
||||
memset(&smp, 0, sizeof(smp));
|
||||
hlua_lua2smp(L, 3, &smp);
|
||||
|
||||
/* Store the sample in a variable. */
|
||||
/* Store the sample in a variable. We don't need to dup the smp, vars API
|
||||
* already takes care of duplicating dynamic var data.
|
||||
*/
|
||||
smp_set_owner(&smp, s->be, s->sess, s, 0);
|
||||
|
||||
if (lua_gettop(L) == 4 && lua_toboolean(L, 4))
|
||||
@ -5178,7 +5180,9 @@ __LJMP static int hlua_applet_http_set_var(lua_State *L)
|
||||
memset(&smp, 0, sizeof(smp));
|
||||
hlua_lua2smp(L, 3, &smp);
|
||||
|
||||
/* Store the sample in a variable. */
|
||||
/* Store the sample in a variable. We don't need to dup the smp, vars API
|
||||
* already takes care of duplicating dynamic var data.
|
||||
*/
|
||||
smp_set_owner(&smp, s->be, s->sess, s, 0);
|
||||
|
||||
if (lua_gettop(L) == 4 && lua_toboolean(L, 4))
|
||||
@ -7783,7 +7787,9 @@ __LJMP static int hlua_set_var(lua_State *L)
|
||||
memset(&smp, 0, sizeof(smp));
|
||||
hlua_lua2smp(L, 3, &smp);
|
||||
|
||||
/* Store the sample in a variable. */
|
||||
/* Store the sample in a variable. We don't need to dup the smp, vars API
|
||||
* already takes care of duplicating dynamic var data.
|
||||
*/
|
||||
smp_set_owner(&smp, htxn->p, htxn->s->sess, htxn->s, htxn->dir & SMP_OPT_DIR);
|
||||
|
||||
if (lua_gettop(L) == 4 && lua_toboolean(L, 4))
|
||||
@ -9777,6 +9783,10 @@ static int hlua_sample_conv_wrapper(const struct arg *arg_p, struct sample *smp,
|
||||
|
||||
/* Convert the returned value in sample. */
|
||||
hlua_lua2smp(stream->hlua->T, -1, smp);
|
||||
/* dup the smp before popping the related lua value and
|
||||
* returning it to haproxy
|
||||
*/
|
||||
smp_dup(smp);
|
||||
lua_pop(stream->hlua->T, 1);
|
||||
return 1;
|
||||
|
||||
@ -9912,6 +9922,10 @@ static int hlua_sample_fetch_wrapper(const struct arg *arg_p, struct sample *smp
|
||||
|
||||
/* Convert the returned value in sample. */
|
||||
hlua_lua2smp(stream->hlua->T, -1, smp);
|
||||
/* dup the smp before popping the related lua value and
|
||||
* returning it to haproxy
|
||||
*/
|
||||
smp_dup(smp);
|
||||
lua_pop(stream->hlua->T, 1);
|
||||
|
||||
/* Set the end of execution flag. */
|
||||
|
Loading…
Reference in New Issue
Block a user