BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn

If a sample fetch needing http_txn is called from an HTTP Lua applet,
the result will be invalid and may even cause a crash because some HTTP
data can be forwarded and the HTTP txn is no longer valid.

Here the solution is to ensure that a fetch called from Lua never
needs http_txn. This is done thanks to a new flag HLUA_F_MAY_USE_HTTP
which indicates whether or not it is safe to call a fetch which needs
HTTP.

This fix needs to be backported to 1.6.

diff --git a/include/types/hlua.h b/include/types/hlua.h
index fd7b7d3c52b350fba699cc18b6d78972a066b997..a923624652fe221e29064d95130f120e0c56347e 100644 (file)
--- a/include/types/hlua.h
+++ b/include/types/hlua.h
@@ -30,6 +30,7 @@ struct stream;
 #define HLUA_MUST_GC   0x00000020
 
 #define HLUA_F_AS_STRING    0x01
+#define HLUA_F_MAY_USE_HTTP 0x02
 
 enum hlua_exec {
        HLUA_E_OK = 0,

diff --git a/src/hlua.c b/src/hlua.c
index 43c73f6e28a0fc14fb81ff868b901c287cedacfb..ae49caae03b202f3aa3fa0c2ff57c000fb799d4d 100644 (file)
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -3009,6 +3009,14 @@ __LJMP static int hlua_run_sample_fetch(lua_State *L)
        /* Get traditionnal arguments. */
        hsmp = MAY_LJMP(hlua_checkfetches(L, 1));
 
+       /* Check execution authorization. */
+       if (f->use & SMP_USE_HTTP_ANY &&
+           !(hsmp->flags & HLUA_F_MAY_USE_HTTP)) {
+               lua_pushfstring(L, "the sample-fetch '%s' needs an HTTP parser which "
+                                  "is not available in Lua services", f->kw);
+               WILL_LJMP(lua_error(L));
+       }
+
        /* Get extra arguments. */
        for (i = 0; i < lua_gettop(L) - 1; i++) {
                if (i >= ARGM_NBARGS)
@@ -4628,13 +4636,13 @@ static int hlua_txn_new(lua_State *L, struct stream *s, struct proxy *p, int dir
 
        /* Create the "f" field that contains a list of fetches. */
        lua_pushstring(L, "f");
-       if (!hlua_fetches_new(L, htxn, 0))
+       if (!hlua_fetches_new(L, htxn, HLUA_F_MAY_USE_HTTP))
                return 0;
        lua_rawset(L, -3);
 
        /* Create the "sf" field that contains a list of stringsafe fetches. */
        lua_pushstring(L, "sf");
-       if (!hlua_fetches_new(L, htxn, HLUA_F_AS_STRING))
+       if (!hlua_fetches_new(L, htxn, HLUA_F_MAY_USE_HTTP | HLUA_F_AS_STRING))
                return 0;
        lua_rawset(L, -3);