From 2039bba41ba0e1fd0b909a2224a0e3cf82888dd7 Mon Sep 17 00:00:00 2001 From: Willy Tarreau <w@1wt.eu> Date: Sun, 11 May 2014 09:43:46 +0200 Subject: [PATCH] MEDIUM: acl: strenghten the option parser to report invalid options Whatever ACL option beginning with a '-' is considered as a pattern if it does not match a known option. This is a big problem because typos are silently ignored, such as "-" or "-mi". Better clearly check the complete option name and report a parsing error if the option is unknown. --- src/acl.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/acl.c b/src/acl.c index 10632a7a1..7d1736ef9 100644 --- a/src/acl.c +++ b/src/acl.c @@ -444,11 +444,11 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * is_loaded = 0; unique_id = -1; while (**args == '-') { - if ((*args)[1] == 'i') + if (strcmp(*args, "-i") == 0) patflags |= PAT_MF_IGNORE_CASE; - else if ((*args)[1] == 'n') + else if (strcmp(*args, "-n") == 0) patflags |= PAT_MF_NO_DNS; - else if ((*args)[1] == 'u') { + else if (strcmp(*args, "-u") == 0) { unique_id = strtol(args[1], &error, 10); if (*error != '\0') { memprintf(err, "the argument of -u must be an integer"); @@ -463,7 +463,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * args++; } - else if ((*args)[1] == 'f') { + else if (strcmp(*args, "-f") == 0) { if (!expr->pat.parse) { memprintf(err, "matching method must be specified first (using '-m') when using a sample fetch of this type ('%s')", expr->kw); goto out_free_expr; @@ -474,7 +474,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * is_loaded = 1; args++; } - else if ((*args)[1] == 'm') { + else if (strcmp(*args, "-m") == 0) { int idx; if (is_loaded) { @@ -501,15 +501,18 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->pat.expect_type = pat_match_types[idx]; args++; } - else if ((*args)[1] == 'M') { + else if (strcmp(*args, "-M") == 0) { load_as_map = 1; } - else if ((*args)[1] == '-') { + else if (strcmp(*args, "--") == 0) { args++; break; } - else + else { + memprintf(err, "'%s' is not a valid ACL option. Please use '--' before any pattern beginning with a '-'", args[0]); + goto out_free_expr; break; + } args++; }