From: William Lallemand <wlallemand@haproxy.org>
Date: Wed, 24 Nov 2021 15:14:24 +0000 (+0100)
Subject: BUG/MINOR: lua: don't expose internal proxies
X-Git-Tag: v2.6-dev1~377
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=82d5f013f96d38867985469bf47bd36ff199a256;p=thirdparty%2Fhaproxy.git

BUG/MINOR: lua: don't expose internal proxies

Since internal proxies are now in the global proxy list, they are now
reachable from core.proxies, core.backends, core.frontends.

This patch fixes the issue by checking the PR_CAP_INT flag before
exposing them in lua, so the user can't have access to them.

This patch must be backported in 2.5.
---

diff --git a/src/hlua_fcn.c b/src/hlua_fcn.c
index 42fb920f86..4c16d90a87 100644
--- a/src/hlua_fcn.c
+++ b/src/hlua_fcn.c
@@ -1396,6 +1396,8 @@ int hlua_fcn_post_init(lua_State *L)
 
 	/* List all proxies. */
 	for (px = proxies_list; px; px = px->next) {
+		if (px->cap & PR_CAP_INT)
+			continue;
 		lua_pushstring(L, px->id);
 		hlua_fcn_new_proxy(L, px);
 		lua_settable(L, -3);
@@ -1410,7 +1412,7 @@ int hlua_fcn_post_init(lua_State *L)
 
 	/* List all proxies. */
 	for (px = proxies_list; px; px = px->next) {
-		if (!(px->cap & PR_CAP_FE))
+		if (!(px->cap & PR_CAP_FE) || (px->cap & PR_CAP_INT))
 			continue;
 		lua_pushstring(L, px->id);
 		hlua_fcn_new_proxy(L, px);
@@ -1426,7 +1428,7 @@ int hlua_fcn_post_init(lua_State *L)
 
 	/* List all proxies. */
 	for (px = proxies_list; px; px = px->next) {
-		if (!(px->cap & PR_CAP_BE))
+		if (!(px->cap & PR_CAP_BE) || (px->cap & PR_CAP_INT))
 			continue;
 		lua_pushstring(L, px->id);
 		hlua_fcn_new_proxy(L, px);