BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239()
authorAurelien DARRAGON <adarragon@haproxy.com>
Tue, 4 Jul 2023 08:33:33 +0000 (10:33 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Thu, 6 Jul 2023 13:41:17 +0000 (15:41 +0200)
_proxy_http_parse_7239_expr() helper used in proxy_http_parse_7239()
function may return ERR_ABORT in case of memory error. But the error check
used below is insufficient to catch ERR_ABORT so the function could keep
executing prior to returning ERR_ABORT, which may cause undefined
behavior. Hopefully no sensitive handling is performed in this case so
this bug has very limited impact, but let's fix it anyway.

We now use ERR_CODE mask instead of ERR_FATAL to check if err_code is set
to any kind of error combination that should prevent the function from
further executing.

This may be backported in 2.8 with b2bb9257d2 ("MINOR: proxy/http_ext:
introduce proxy forwarded option")

src/http_ext.c

index 9d70086c702ac88c1b6f30064fcfa4764589c291..a36751931bc0454824265705da324d315ce78340 100644 (file)
@@ -997,7 +997,7 @@ int proxy_http_parse_7239(char **args, int cur_arg,
                        fwd->p_host.mode = HTTP_7239_HOST_SMP;
                        err_code |= _proxy_http_parse_7239_expr(args, &cur_arg, file, linenum,
                                                                &fwd->p_host.expr_s);
-                       if (err_code & ERR_FATAL)
+                       if (err_code & ERR_CODE)
                                goto out;
                } else if (strcmp(args[cur_arg], "by") == 0) {
                        fwd->p_by.nn_mode = HTTP_7239_FORBY_ORIG;
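Review bot: `fwd->p_host.mode = HTTP_7239_HOST_SMP` is assigned before `_proxy_http_parse_7239_expr()` is called, so when the new `err_code & ERR_CODE` check takes `goto out` the option is left in sample-expression mode while `fwd->p_host.expr_s` was presumably never filled in. The same ordering appears in the four hunks below for `p_by.nn_mode`, `p_for.nn_mode`, `p_by.np_mode` and `p_for.np_mode`. What the `out` label does is outside these hunks, so it is worth confirming that nothing reads `fwd` after a failed parse. If that cannot be ruled out, set the mode only after the check, i.e. `if (err_code & ERR_CODE) goto out;` followed by `fwd->p_host.mode = HTTP_7239_HOST_SMP;`.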
@@ -1006,7 +1006,7 @@ int proxy_http_parse_7239(char **args, int cur_arg,
                        fwd->p_by.nn_mode = HTTP_7239_FORBY_SMP;
                        err_code |= _proxy_http_parse_7239_expr(args, &cur_arg, file, linenum,
                                                                &fwd->p_by.nn_expr_s);
-                       if (err_code & ERR_FATAL)
+                       if (err_code & ERR_CODE)
                                goto out;
                } else if (strcmp(args[cur_arg], "for") == 0) {
                        fwd->p_for.nn_mode = HTTP_7239_FORBY_ORIG;
@@ -1015,7 +1015,7 @@ int proxy_http_parse_7239(char **args, int cur_arg,
                        fwd->p_for.nn_mode = HTTP_7239_FORBY_SMP;
                        err_code |= _proxy_http_parse_7239_expr(args, &cur_arg, file, linenum,
                                                                &fwd->p_for.nn_expr_s);
-                       if (err_code & ERR_FATAL)
+                       if (err_code & ERR_CODE)
                                goto out;
                } else if (strcmp(args[cur_arg], "by_port") == 0) {
                        fwd->p_by.np_mode = HTTP_7239_FORBY_ORIG;
@@ -1024,7 +1024,7 @@ int proxy_http_parse_7239(char **args, int cur_arg,
                        fwd->p_by.np_mode = HTTP_7239_FORBY_SMP;
                        err_code |= _proxy_http_parse_7239_expr(args, &cur_arg, file, linenum,
                                                                &fwd->p_by.np_expr_s);
-                       if (err_code & ERR_FATAL)
+                       if (err_code & ERR_CODE)
                                goto out;
                } else if (strcmp(args[cur_arg], "for_port") == 0) {
                        fwd->p_for.np_mode = HTTP_7239_FORBY_ORIG;
@@ -1033,7 +1033,7 @@ int proxy_http_parse_7239(char **args, int cur_arg,
                        fwd->p_for.np_mode = HTTP_7239_FORBY_SMP;
                        err_code |= _proxy_http_parse_7239_expr(args, &cur_arg, file, linenum,
                                                                &fwd->p_for.np_expr_s);
-                       if (err_code & ERR_FATAL)
+                       if (err_code & ERR_CODE)
                                goto out;
                } else {
                        /* unknown suboption - catchall */
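Review bot: Nothing next to `if (err_code & ERR_CODE)` in this hunk, or in the four identical checks above it, records why the mask is ERR_CODE rather than ERR_FATAL, so a later edit could quietly revert one of them. A comment at the first check would keep the reason with the code, for example `/* ERR_CODE, not ERR_FATAL: the helper may return ERR_ABORT on memory error */`. Since the call-and-check sequence is repeated verbatim in five branches, folding it into one small static helper would leave a single place to keep correct. The body of proxy_http_parse_7239() starts before and continues after this hunk.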