From: Willy Tarreau <w@1wt.eu>
Date: Wed, 30 Oct 2013 18:30:32 +0000 (+0100)
Subject: BUG/MEDIUM: acl: do not evaluate next terms after a miss
X-Git-Tag: v1.5-dev20~251
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=79c412b67380c0e316863b060d31980b5fa3deb6;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: acl: do not evaluate next terms after a miss

When a condition does something like :

   action if A B C || D E F

If B returns a miss (can't tell true or false), C must not
be evaluated. This is important when C has a side effect
(eg: sc*_inc_gpc0). However the second part after the ||
can still be evaluated.
---

diff --git a/src/acl.c b/src/acl.c
index e6cbd306ae..4d7216f178 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1779,8 +1779,8 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v
 
 			suite_res &= acl_res;
 
-			/* we're ANDing these terms, so a single FAIL is enough */
-			if (suite_res == ACL_PAT_FAIL)
+			/* we're ANDing these terms, so a single FAIL or MISS is enough */
+			if (suite_res != ACL_PAT_PASS)
 				break;
 		}
 		cond_res |= suite_res;