From: Thierry FOURNIER
Date: Thu, 14 Jul 2016 09:45:33 +0000 (+0200)
Subject: BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash
X-Git-Tag: v1.7-dev4~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9bd52d478b2561666633f21086b60a1b488a25b7;p=thirdparty%2Fhaproxy.git
BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash
If an action wrapper stops the processing of the transaction with a txn_done() function, the return code of the action is "continue". So the continue can implies the processing of other like adding headers. However, the HTTP content is flushed and a segfault occurs. This patchs add a flag indicating that the Lua code want to stop the processing, ths flags is forwarded to the haproxy core, and other actions are ignored. Must be backported in 1.6
---
diff --git a/include/types/hlua.h b/include/types/hlua.h
index b22e03e7d8..698786dd8d 100644
--- a/include/types/hlua.h
+++ b/include/types/hlua.h
@@ -31,6 +31,7 @@ struct stream;
 #define HLUA_WAKEREQWR 0x00000008
 #define HLUA_EXIT 0x00000010
 #define HLUA_MUST_GC 0x00000020
+#define HLUA_STOP 0x00000040
 #define HLUA_F_AS_STRING 0x01
 #define HLUA_F_MAY_USE_HTTP 0x02
diff --git a/src/hlua.c b/src/hlua.c
index f9a317d65f..5cbfcfef9e 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -4810,10 +4810,12 @@ __LJMP static int hlua_txn_set_mark(lua_State *L)
 __LJMP static int hlua_txn_done(lua_State *L)
 {
 struct hlua_txn *htxn;
+ struct hlua *hlua;
 struct channel *ic, *oc;
 MAY_LJMP(check_args(L, 1, "close"));
 htxn = MAY_LJMP(hlua_checktxn(L, 1));
+ hlua = hlua_gethlua(L);
 /* If the flags NOTERM is set, we cannot terminate the http
 * session, so we just end the execution of the current
@@ -4857,6 +4859,7 @@ __LJMP static int hlua_txn_done(lua_State *L)
 ic->analysers = 0;
+ hlua->flags |= HLUA_STOP;
 WILL_LJMP(hlua_done(L));
 return 0;
 }
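Review bot: The pointer obtained from `hlua_gethlua(L)` in the first src/hlua.c hunk is dereferenced without a check by `hlua->flags |= HLUA_STOP;` in the second hunk (@@ -4857). hlua_gethlua() is defined outside this diff, so whether it can return NULL on this call path is not visible. If it can, the fix for one segfault opens another, and `if (hlua) hlua->flags |= HLUA_STOP;` would be the safer form. The flag is also set only just before the final `hlua_done(L)`; the NOTERM branch mentioned in the context comment sits between the two hunks and is not shown, so confirm that leaving that path without HLUA_STOP is intended. The body of hlua_txn_done continues between and beyond both hunks.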
@@ -5555,6 +5558,8 @@ static enum act_return hlua_action(struct act_rule *rule, struct proxy *px,
 case HLUA_E_OK:
 if (!hlua_check_proto(s, dir))
 return ACT_RET_ERR;
+ if (s->hlua.flags & HLUA_STOP)
+ return ACT_RET_STOP;
 return ACT_RET_CONT;
 /* yield. */
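Review bot: `HLUA_STOP` is tested under `case HLUA_E_OK:` but nothing visible in this diff ever clears it, so a stale bit in `s->hlua.flags` would make every later successful Lua action on the same stream return `ACT_RET_STOP`. If the hlua context can outlive the transaction that called txn_done(), the flag needs to be reset where the context is re-armed; that code is outside the hunk and should be checked. A short comment above the test, e.g. `/* txn_done() was called: the remaining rules must not run */`, would record why a successful run is not reported as continue. The switch in hlua_action begins and continues outside the hunk.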