BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules

Functions to deinitialize the HTTP rules are buggy. These functions does not
check the action name to release the right part in the arg union. Only few info
are released. For auth rules, the realm is released and there is no problem
here. But the regex <arg.hdr_add.re> is always unconditionally released. So it
is easy to make these functions crash. For instance, with the following rule
HAProxy crashes during the deinit :

      http-request set-map(/path/to/map) %[src] %[req.hdr(X-Value)]

For now, These functions are simply removed and we rely on the deinit function
used for TCP rules (renamed as deinit_act_rules()). This patch fixes the
bug. But arguments used by actions are not released at all, this part will be
addressed later.

This patch must be backported to all stable versions.

diff --git a/include/proto/http_rules.h b/include/proto/http_rules.h
index 5e03dd813c279a59ce383573641f26e158cda01a..608ca57607b2b2cc5ad0d2f90ba08921c6d1f898 100644 (file)
--- a/include/proto/http_rules.h
+++ b/include/proto/http_rules.h
@@ -32,8 +32,6 @@ extern struct action_kw_list http_res_keywords;
 
 struct act_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
 struct act_rule *parse_http_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
-void free_http_req_rules(struct list *r);
-void free_http_res_rules(struct list *r);
 struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, struct proxy *curproxy,
                                                const char **args, char **errmsg, int use_fmt, int dir);
 

diff --git a/src/haproxy.c b/src/haproxy.c
index 05268e1e7ea4e1d1f62399ec04a629d64b2cae5b..70d4beda3410fdd9dd31885b0c0fefeb0a04189e 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2286,14 +2286,14 @@ static void deinit_acl_cond(struct acl_cond *cond)
        free(cond);
 }
 
-static void deinit_tcp_rules(struct list *rules)
+static void deinit_act_rules(struct list *rules)
 {
-       struct act_rule *trule, *truleb;
+       struct act_rule *rule, *ruleb;
 
-       list_for_each_entry_safe(trule, truleb, rules, list) {
-               LIST_DEL(&trule->list);
-               deinit_acl_cond(trule->cond);
-               free(trule);
+       list_for_each_entry_safe(rule, ruleb, rules, list) {
+               LIST_DEL(&rule->list);
+               deinit_acl_cond(rule->cond);
+               free(rule);
        }
 }
 
@@ -2438,9 +2438,12 @@ void deinit(void)
                        free(lf);
                }
 
-               deinit_tcp_rules(&p->tcp_req.inspect_rules);
-               deinit_tcp_rules(&p->tcp_rep.inspect_rules);
-               deinit_tcp_rules(&p->tcp_req.l4_rules);
+               deinit_act_rules(&p->tcp_req.inspect_rules);
+               deinit_act_rules(&p->tcp_rep.inspect_rules);
+               deinit_act_rules(&p->tcp_req.l4_rules);
+               deinit_act_rules(&p->tcp_req.l5_rules);
+               deinit_act_rules(&p->http_req_rules);
+               deinit_act_rules(&p->http_res_rules);
 
                deinit_stick_rules(&p->storersp_rules);
                deinit_stick_rules(&p->sticking_rules);
@@ -2542,8 +2545,6 @@ void deinit(void)
                free(p->desc);
                free(p->fwdfor_hdr_name);
 
-               free_http_req_rules(&p->http_req_rules);
-               free_http_res_rules(&p->http_res_rules);
                task_destroy(p->task);
 
                pool_destroy(p->req_cap_pool);
@@ -2568,7 +2569,7 @@ void deinit(void)
                free(uap->desc);
 
                userlist_free(uap->userlist);
-               free_http_req_rules(&uap->http_req_rules);
+               deinit_act_rules(&uap->http_req_rules);
 
                free(uap);
        }

diff --git a/src/http_rules.c b/src/http_rules.c
index b790c5ffe95fbf4ee0f0411678aca064b59c90fc..aad771466dbd95fdbcfeaf3fac62f7661945b57e 100644 (file)
--- a/src/http_rules.c
+++ b/src/http_rules.c
@@ -1186,31 +1186,6 @@ struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, st
        return NULL;
 }
 
-void free_http_res_rules(struct list *r)
-{
-       struct act_rule *tr, *pr;
-
-       list_for_each_entry_safe(pr, tr, r, list) {
-               LIST_DEL(&pr->list);
-               regex_free(pr->arg.hdr_add.re);
-               free(pr);
-       }
-}
-
-void free_http_req_rules(struct list *r)
-{
-       struct act_rule *tr, *pr;
-
-       list_for_each_entry_safe(pr, tr, r, list) {
-               LIST_DEL(&pr->list);
-               if (pr->action == ACT_HTTP_REQ_AUTH)
-                       free(pr->arg.auth.realm);
-
-               regex_free(pr->arg.hdr_add.re);
-               free(pr);
-       }
-}
-
 __attribute__((constructor))
 static void __http_rules_init(void)
 {