BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn

If a sample fetch needing http_txn is called from an HTTP Lua applet,
the result will be invalid and may even cause a crash because some HTTP
data can be forwarded and the HTTP txn is no longer valid.

Here the solution is to ensure that a fetch called from Lua never
needs http_txn. This is done thanks to a new flag HLUA_F_MAY_USE_HTTP
which indicates whether or not it is safe to call a fetch which needs
HTTP.

This fix needs to be backported to 1.6.

include/types/hlua.h

@@ -30,6 +30,7 @@ struct stream;
 #define HLUA_MUST_GC   0x00000020
 
 #define HLUA_F_AS_STRING    0x01
+#define HLUA_F_MAY_USE_HTTP 0x02
 
 enum hlua_exec {
 	HLUA_E_OK = 0,

src/hlua.c

@@ -3009,6 +3009,14 @@ __LJMP static int hlua_run_sample_fetch(lua_State *L)
 	/* Get traditionnal arguments. */
 	hsmp = MAY_LJMP(hlua_checkfetches(L, 1));
 
+	/* Check execution authorization. */
+	if (f->use & SMP_USE_HTTP_ANY &&
+	    !(hsmp->flags & HLUA_F_MAY_USE_HTTP)) {
+		lua_pushfstring(L, "the sample-fetch '%s' needs an HTTP parser which "
+		                   "is not available in Lua services", f->kw);
+		WILL_LJMP(lua_error(L));
+	}
+
 	/* Get extra arguments. */
 	for (i = 0; i < lua_gettop(L) - 1; i++) {
 		if (i >= ARGM_NBARGS)
@@ -4628,13 +4636,13 @@ static int hlua_txn_new(lua_State *L, struct stream *s, struct proxy *p, int dir
 
 	/* Create the "f" field that contains a list of fetches. */
 	lua_pushstring(L, "f");
-	if (!hlua_fetches_new(L, htxn, 0))
+	if (!hlua_fetches_new(L, htxn, HLUA_F_MAY_USE_HTTP))
 		return 0;
 	lua_rawset(L, -3);
 
 	/* Create the "sf" field that contains a list of stringsafe fetches. */
 	lua_pushstring(L, "sf");
-	if (!hlua_fetches_new(L, htxn, HLUA_F_AS_STRING))
+	if (!hlua_fetches_new(L, htxn, HLUA_F_MAY_USE_HTTP | HLUA_F_AS_STRING))
 		return 0;
 	lua_rawset(L, -3);