From ca98866bcf80fd13998adcacc0a8d7213714c974 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER Date: Sun, 20 Dec 2015 18:43:03 +0100 Subject: [PATCH] BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn If a sample fetch needing http_txn is called from an HTTP Lua applet, the result will be invalid and may even cause a crash because some HTTP data can be forwarded and the HTTP txn is no longer valid. Here the solution is to ensure that a fetch called from Lua never needs http_txn. This is done thanks to a new flag HLUA_F_MAY_USE_HTTP which indicates whether or not it is safe to call a fetch which needs HTTP. This fix needs to be backported to 1.6. --- include/types/hlua.h | 1 + src/hlua.c | 12 ++++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/include/types/hlua.h b/include/types/hlua.h index fd7b7d3c5..a92362465 100644 --- a/include/types/hlua.h +++ b/include/types/hlua.h @@ -30,6 +30,7 @@ struct stream; #define HLUA_MUST_GC 0x00000020 #define HLUA_F_AS_STRING 0x01 +#define HLUA_F_MAY_USE_HTTP 0x02 enum hlua_exec { HLUA_E_OK = 0, diff --git a/src/hlua.c b/src/hlua.c index 43c73f6e2..ae49caae0 100644 --- a/src/hlua.c +++ b/src/hlua.c @@ -3009,6 +3009,14 @@ __LJMP static int hlua_run_sample_fetch(lua_State *L) /* Get traditionnal arguments. */ hsmp = MAY_LJMP(hlua_checkfetches(L, 1)); + /* Check execution authorization. */ + if (f->use & SMP_USE_HTTP_ANY && + !(hsmp->flags & HLUA_F_MAY_USE_HTTP)) { + lua_pushfstring(L, "the sample-fetch '%s' needs an HTTP parser which " + "is not available in Lua services", f->kw); + WILL_LJMP(lua_error(L)); + } + /* Get extra arguments. */ for (i = 0; i < lua_gettop(L) - 1; i++) { if (i >= ARGM_NBARGS) @@ -4628,13 +4636,13 @@ static int hlua_txn_new(lua_State *L, struct stream *s, struct proxy *p, int dir /* Create the "f" field that contains a list of fetches. */ lua_pushstring(L, "f"); - if (!hlua_fetches_new(L, htxn, 0)) + if (!hlua_fetches_new(L, htxn, HLUA_F_MAY_USE_HTTP)) return 0; lua_rawset(L, -3); /* Create the "sf" field that contains a list of stringsafe fetches. */ lua_pushstring(L, "sf"); - if (!hlua_fetches_new(L, htxn, HLUA_F_AS_STRING)) + if (!hlua_fetches_new(L, htxn, HLUA_F_MAY_USE_HTTP | HLUA_F_AS_STRING)) return 0; lua_rawset(L, -3);