haproxy public development tree
Go to file
Willy Tarreau dc70c18ddc BUG/MEDIUM: cfgcond: limit recursion level in the condition expression parser
Oss-fuzz reports in issue 36328 that we can recurse too far by passing
extremely deep expressions to the ".if" parser. I thought we were still
limited to the 1024 chars per line, that would be highly sufficient, but
we don't have any limit now :-/

Let's just pass a maximum recursion counter to the recursive parsers.
It's decremented for each call and the expression fails if it reaches
zero. On the most complex paths it can add 3 levels per parenthesis,
so with a limit of 1024, that's roughly 343 nested sub-expressions that
are supported in the worst case. That's more than sufficient, for just
a few kB of RAM.

No backport is needed.
2021-07-20 18:03:08 +02:00
.github DOC: Replace issue templates by issue forms 2021-06-24 04:15:04 +02:00
addons BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode 2021-06-10 06:45:39 +02:00
admin MAJOR: config: remove parsing of the global "nbproc" directive 2021-06-11 17:02:13 +02:00
dev CLEANUP: dev/flags: remove useless test in the stdin number parser 2021-04-03 15:29:10 +02:00
doc MEDIUM: proxy: remove long-broken 'option http_proxy' 2021-07-18 19:35:32 +02:00
examples MEDIUM: proxy: remove long-broken 'option http_proxy' 2021-07-18 19:35:32 +02:00
include BUG/MEDIUM: cfgcond: limit recursion level in the condition expression parser 2021-07-20 18:03:08 +02:00
reg-tests REGTESTS: add more complex check conditions to check_conditions.vtc 2021-07-17 11:01:47 +02:00
scripts CI: ssl: keep the old method for ancient OpenSSL versions 2021-06-17 15:40:53 +02:00
src BUG/MEDIUM: cfgcond: limit recursion level in the condition expression parser 2021-07-20 18:03:08 +02:00
tests MINOR: config: reject long-deprecated "option forceclose" 2021-06-11 16:57:34 +02:00
.cirrus.yml CI: introduce scripts/build-vtest.sh for installing VTest 2021-05-18 10:48:30 +02:00
.gitattributes MINOR: Configure the cpp userdiff driver for *.[ch] in .gitattributes 2021-02-22 18:17:57 +01:00
.gitignore ADDONS: make addons/ discoverable by git via .gitignore 2021-05-07 16:48:14 +02:00
.travis.yml CI: introduce scripts/build-vtest.sh for installing VTest 2021-05-18 10:48:30 +02:00
BRANCHES
CHANGELOG [RELEASE] Released version 2.5-dev2 2021-07-17 12:35:11 +02:00
CONTRIBUTING CLEANUP: contrib: remove the last references to the now dead contrib/ directory 2021-04-21 15:13:58 +02:00
INSTALL CLEANUP: shctx: remove the different inter-process locking techniques 2021-06-15 16:52:42 +02:00
LICENSE
MAINTAINERS CONTRIB: move spoa_example out of the tree 2021-04-21 09:39:06 +02:00
Makefile REORG: config: move the condition preprocessing code to its own file 2021-07-16 19:18:41 +02:00
README
ROADMAP
SUBVERS
VERDATE [RELEASE] Released version 2.5-dev2 2021-07-17 12:35:11 +02:00
VERSION [RELEASE] Released version 2.5-dev2 2021-07-17 12:35:11 +02:00

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for :

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory :

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)