From: Aurelien DARRAGON <adarragon@haproxy.com>
Date: Mon, 4 Mar 2024 10:06:24 +0000 (+0100)
Subject: BUG/MINOR: hlua: improper lock usage in hlua_filter_callback()
X-Git-Tag: v3.0-dev5~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=51f291c795570d7da9cc230616a41d55eca93f1a;p=thirdparty%2Fhaproxy.git

BUG/MINOR: hlua: improper lock usage in hlua_filter_callback()

In hlua_filter_callback(), some lua stack work is performed under
SET_SAFE_LJMP() guard which also takes care of locking the hlua context
when needed. However, a lua_gettop() call is performed out of the guard,
thus it is unsafe in multithreading context if the script is loaded using
'lua-load' because in this case the main lua stack is shared between
threads and each access to a lua stack must be performed under the lock,
thus we move lua_gettop() call under the lock.

It should be backported up to 2.6.
---

diff --git a/src/hlua.c b/src/hlua.c
index 6c7a879134..1b86e91992 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -12000,7 +12000,7 @@ static int hlua_filter_callback(struct stream *s, struct filter *filter, const c
 		goto end;
 
 	if (!HLUA_IS_RUNNING(flt_hlua)) {
-		int extra_idx = lua_gettop(flt_hlua->T);
+		int extra_idx;
 
 		/* The following Lua calls can fail. */
 		if (!SET_SAFE_LJMP(flt_hlua)) {
@@ -12014,6 +12014,8 @@ static int hlua_filter_callback(struct stream *s, struct filter *filter, const c
 			goto end;
 		}
 
+		extra_idx = lua_gettop(flt_hlua->T);
+
 		/* Check stack size. */
 		if (!lua_checkstack(flt_hlua->T, 3)) {
 			SEND_ERR(s->be, "Lua filter '%s': full stack.\n", conf->reg->name);