MINOR: sample: Validate the number of bits for the sha2 converter

Instead of failing the conversion when an invalid number of bits is given the sha2 converter now fails with an appropriate error message during startup. The sha2 converter was introduced in d437630237, which is in 2.1 and higher.
2019-12-17 12:31:20 +01:00 · 2019-12-17 12:31:20 +01:00 · cd3732456b
parent 46dfd78cbf
commit cd3732456b
2 changed files with 25 additions and 5 deletions
--- a/reg-tests/converter/sha2.vtc
+++ b/reg-tests/converter/sha2.vtc
@ -8,7 +8,7 @@ feature ignore_unknown_macro
 server s1 {
 	rxreq
 	txresp
-} -repeat 3 -start
+} -repeat 2 -start

 haproxy h1 -conf {
    defaults
@ -28,7 +28,6 @@ haproxy h1 -conf {
 	http-response set-header SHA2-256   "%[var(txn.hash),sha2(256),hex,lower]"
 	http-response set-header SHA2-384   "%[var(txn.hash),sha2(384),hex,lower]"
 	http-response set-header SHA2-512   "%[var(txn.hash),sha2(512),hex,lower]"
-	http-response set-header SHA2-invalid   "%[var(txn.hash),sha2(1),hex,lower]"

 	default_backend be

@ -46,7 +45,6 @@ client c1 -connect ${h1_fe_sock} {
 	expect resp.http.sha2-256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
 	expect resp.http.sha2-384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776"
 	expect resp.http.sha2-512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a"
-	expect resp.http.sha2-invalid == ""
 	txreq -url "/" \
 	  -hdr "Hash: 2"
 	rxresp
@ -56,5 +54,4 @@ client c1 -connect ${h1_fe_sock} {
 	expect resp.http.sha2-256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"
 	expect resp.http.sha2-384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e"
 	expect resp.http.sha2-512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114"
-	expect resp.http.sha2-invalid == ""
 } -run
--- a/src/sample.c
+++ b/src/sample.c
@ -1531,6 +1531,29 @@ static int sample_conv_sha1(const struct arg *arg_p, struct sample *smp, void *p
 }

 #ifdef USE_OPENSSL
+static int smp_check_sha2(struct arg *args, struct sample_conv *conv,
+                          const char *file, int line, char **err)
+{
+	if (args[0].type == ARGT_STOP)
+		return 1;
+	if (args[0].type != ARGT_SINT) {
+		memprintf(err, "Invalid type '%s'", arg_type_names[args[0].type]);
+		return 0;
+	}
+
+	switch (args[0].data.sint) {
+		case 224:
+		case 256:
+		case 384:
+		case 512:
+			/* this is okay */
+			return 1;
+		default:
+			memprintf(err, "Unsupported number of bits: '%lld'", args[0].data.sint);
+			return 0;
+	}
+}
+
 static int sample_conv_sha2(const struct arg *arg_p, struct sample *smp, void *private)
 {
 	struct buffer *trash = get_trash_chunk();
@ -3362,7 +3385,7 @@ static struct sample_conv_kw_list sample_conv_kws = {ILH, {
 	{ "regsub", sample_conv_regsub,    ARG3(2,REG,STR,STR), sample_conv_regsub_check, SMP_T_STR, SMP_T_STR },
 	{ "sha1",   sample_conv_sha1,      0,            NULL, SMP_T_BIN,  SMP_T_BIN  },
 #ifdef USE_OPENSSL
-	{ "sha2",   sample_conv_sha2,      ARG1(0, SINT),            NULL, SMP_T_BIN,  SMP_T_BIN  },
+	{ "sha2",   sample_conv_sha2,      ARG1(0, SINT), smp_check_sha2, SMP_T_BIN,  SMP_T_BIN  },
 #endif
 	{ "concat", sample_conv_concat,    ARG3(1,STR,STR,STR), smp_check_concat, SMP_T_STR,  SMP_T_STR },
 	{ "strcmp", sample_conv_strcmp,    ARG1(1,STR), smp_check_strcmp, SMP_T_STR,  SMP_T_SINT },