RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-18 09:24:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: cli: set tainted when using CLI expert/experimental mode

Browse Source 
Mark the process as tainted as soon as a command command only accessible
in expert or experimental mode is executed.
This commit is contained in:
Amaury Denoyelle 2021-05-05 16:29:23 +02:00
parent 0351773534
commit f492992065
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/haproxy/global.h
View File

@ -100,6 +100,8 @@ static inline unsigned long thread_mask(unsigned long mask)
enum tainted_flags {
TAINTED_CONFIG_EXP_KW_DECLARED = 0x1,
TAINTED_ACTION_EXP_EXECUTED = 0x2,
TAINTED_CLI_EXPERT_MODE = 0x4,
TAINTED_CLI_EXPERIMENTAL_MODE = 0x8,
};
void mark_tainted(const enum tainted_flags flag);
unsigned int get_tainted();

5
src/cli.c
View File

@ -739,6 +739,11 @@ static int cli_parse_request(struct appctx *appctx)
return 0;
}
if (kw->level == ACCESS_EXPERT)
mark_tainted(TAINTED_CLI_EXPERT_MODE);
else if (kw->level == ACCESS_EXPERIMENTAL)
mark_tainted(TAINTED_CLI_EXPERIMENTAL_MODE);
appctx->io_handler = kw->io_handler;
appctx->io_release = kw->io_release;