From: Christopher Faulet Date: Mon, 25 Apr 2022 12:24:56 +0000 (+0200) Subject: BUG/MINOR: rules: Forbid captures in defaults section if used by a backend X-Git-Tag: v2.6-dev8~90 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6c10f5c7bcc4da8c782ec09c200dd485e133c403;p=thirdparty%2Fhaproxy.git BUG/MINOR: rules: Forbid captures in defaults section if used by a backend Captures must only be defined in proxies with the frontend capabilities or in defaults sections used by proxies with the frontend capabilities. Thus, an extra check is added to be sure a defaults section defining a capture will never be references by a backend. Note that in this case, only named captures in "tcp-request content" or "http-request" rules are possible. It is not possible in a defaults section to decalre a capture slot. Not yet at least. This patch must be backported to 2.5. It is releated to issue #1674. --- diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index 216e6d8d57..bcc89ba364 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -406,6 +406,13 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) proxy_ref_defaults(curproxy, curr_defproxy); } + if ((rc & PR_CAP_BE) && curr_defproxy && (curr_defproxy->nb_req_cap || curr_defproxy->nb_rsp_cap)) { + ha_alert("parsing [%s:%d]: backend or defaults sections cannot inherit from a defaults section defining" + " capptures (defaults section at %s:%d).\n", + file, linenum, curr_defproxy->conf.file, curr_defproxy->conf.line); + err_code |= ERR_ALERT | ERR_ABORT; + } + if (rc & PR_CAP_DEF) { /* last and current proxies must be updated to this one */ curr_defproxy = last_defproxy = curproxy;