]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e663a6e)
MINOR: hlua: Don't needlessly copy lua strings in trash during args validation
authorChristopher Faulet <cfaulet@haproxy.com>
Thu, 6 Aug 2020 06:29:18 +0000 (08:29 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Fri, 7 Aug 2020 12:25:31 +0000 (14:25 +0200)
Lua strings are NULL terminated. So in the hlua_lua2arg_check() function, used
to check arguments against the sample fetches specification, there is no reason
to copy these strings in a trash to add a terminating null byte.

In addition, when the array of arguments is built from lua values, we must take
care to count this terminating null bytes in the size of the buffer where a
string is stored. The same must be done when a sample is built from a lua value.

This patch may be backported to easy backports.

src/hlua.c patch | blob | blame | history

diff --git a/src/hlua.c b/src/hlua.c
index f31f318a17108531cf2f584aee850d6704e95b3d..efbc90af3a5f6e3d666aab9db469687b4a6fae3a 100644 (file)
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -418,7 +418,7 @@ static int hlua_lua2arg(lua_State *L, int ud, struct arg *arg)
                arg->type = ARGT_STR;
                arg->data.str.area = (char *)lua_tolstring(L, ud, &arg->data.str.data);
                /* We don't know the actual size of the underlying allocation, so be conservative. */
-               arg->data.str.size = arg->data.str.data;
+               arg->data.str.size = arg->data.str.data+1; /* count the terminating null byte */
                arg->data.str.head = 0;
                break;
 
@@ -561,7 +561,7 @@ static int hlua_lua2smp(lua_State *L, int ud, struct sample *smp)
                smp->flags |= SMP_F_CONST;
                smp->data.u.str.area = (char *)lua_tolstring(L, ud, &smp->data.u.str.data);
                /* We don't know the actual size of the underlying allocation, so be conservative. */
-               smp->data.u.str.size = smp->data.u.str.data;
+               smp->data.u.str.size = smp->data.u.str.data+1; /* count the terminating null byte */
                smp->data.u.str.head = 0;
                break;
 
@@ -683,10 +683,7 @@ __LJMP int hlua_lua2arg_check(lua_State *L, int first, struct arg *argp,
                case ARGT_FE:
                        if (argp[idx].type != ARGT_STR)
                                WILL_LJMP(luaL_argerror(L, first + idx, "string expected"));
-                       memcpy(trash.area, argp[idx].data.str.area,
-                              argp[idx].data.str.data);
-                       trash.area[argp[idx].data.str.data] = 0;
-                       argp[idx].data.prx = proxy_fe_by_name(trash.area);
+                       argp[idx].data.prx = proxy_fe_by_name(argp[idx].data.str.area);
                        if (!argp[idx].data.prx)
                                WILL_LJMP(luaL_argerror(L, first + idx, "frontend doesn't exist"));
                        argp[idx].type = ARGT_FE;
@@ -695,10 +692,7 @@ __LJMP int hlua_lua2arg_check(lua_State *L, int first, struct arg *argp,
                case ARGT_BE:
                        if (argp[idx].type != ARGT_STR)
                                WILL_LJMP(luaL_argerror(L, first + idx, "string expected"));
-                       memcpy(trash.area, argp[idx].data.str.area,
-                              argp[idx].data.str.data);
-                       trash.area[argp[idx].data.str.data] = 0;
-                       argp[idx].data.prx = proxy_be_by_name(trash.area);
+                       argp[idx].data.prx = proxy_be_by_name(argp[idx].data.str.area);
                        if (!argp[idx].data.prx)
                                WILL_LJMP(luaL_argerror(L, first + idx, "backend doesn't exist"));
                        argp[idx].type = ARGT_BE;
@@ -707,10 +701,7 @@ __LJMP int hlua_lua2arg_check(lua_State *L, int first, struct arg *argp,
                case ARGT_TAB:
                        if (argp[idx].type != ARGT_STR)
                                WILL_LJMP(luaL_argerror(L, first + idx, "string expected"));
-                       memcpy(trash.area, argp[idx].data.str.area,
-                              argp[idx].data.str.data);
-                       trash.area[argp[idx].data.str.data] = 0;
-                       argp[idx].data.t = stktable_find_by_name(trash.area);
+                       argp[idx].data.t = stktable_find_by_name(argp[idx].data.str.area);
                        if (!argp[idx].data.t)
                                WILL_LJMP(luaL_argerror(L, first + idx, "table doesn't exist"));
                        argp[idx].type = ARGT_TAB;
@@ -719,19 +710,16 @@ __LJMP int hlua_lua2arg_check(lua_State *L, int first, struct arg *argp,
                case ARGT_SRV:
                        if (argp[idx].type != ARGT_STR)
                                WILL_LJMP(luaL_argerror(L, first + idx, "string expected"));
-                       memcpy(trash.area, argp[idx].data.str.area,
-                              argp[idx].data.str.data);
-                       trash.area[argp[idx].data.str.data] = 0;
-                       sname = strrchr(trash.area, '/');
+                       sname = strrchr(argp[idx].data.str.area, '/');
                        if (sname) {
                                *sname++ = '\0';
-                               pname = trash.area;
+                               pname = argp[idx].data.str.area;
                                px = proxy_be_by_name(pname);
                                if (!px)
                                        WILL_LJMP(luaL_argerror(L, first + idx, "backend doesn't exist"));
                        }
                        else {
-                               sname = trash.area;
+                               sname = argp[idx].data.str.area;
                                px = p;
                        }
                        argp[idx].data.srv = findserver(px, sname);
@@ -743,10 +731,7 @@ __LJMP int hlua_lua2arg_check(lua_State *L, int first, struct arg *argp,
                case ARGT_IPV4:
                        if (argp[idx].type != ARGT_STR)
                                WILL_LJMP(luaL_argerror(L, first + idx, "string expected"));
-                       memcpy(trash.area, argp[idx].data.str.area,
-                              argp[idx].data.str.data);
-                       trash.area[argp[idx].data.str.data] = 0;
-                       if (inet_pton(AF_INET, trash.area, &argp[idx].data.ipv4))
+                       if (inet_pton(AF_INET, argp[idx].data.str.area, &argp[idx].data.ipv4))
                                WILL_LJMP(luaL_argerror(L, first + idx, "invalid IPv4 address"));
                        argp[idx].type = ARGT_IPV4;
                        break;
@@ -755,10 +740,7 @@ __LJMP int hlua_lua2arg_check(lua_State *L, int first, struct arg *argp,
                        if (argp[idx].type == ARGT_SINT)
                                len2mask4(argp[idx].data.sint, &argp[idx].data.ipv4);
                        else if (argp[idx].type == ARGT_STR) {
-                               memcpy(trash.area, argp[idx].data.str.area,
-                                      argp[idx].data.str.data);
-                               trash.area[argp[idx].data.str.data] = 0;
-                               if (!str2mask(trash.area, &argp[idx].data.ipv4))
+                               if (!str2mask(argp[idx].data.str.area, &argp[idx].data.ipv4))
                                        WILL_LJMP(luaL_argerror(L, first + idx, "invalid IPv4 mask"));
                        }
                        else
@@ -769,10 +751,7 @@ __LJMP int hlua_lua2arg_check(lua_State *L, int first, struct arg *argp,
                case ARGT_IPV6:
                        if (argp[idx].type != ARGT_STR)
                                WILL_LJMP(luaL_argerror(L, first + idx, "string expected"));
-                       memcpy(trash.area, argp[idx].data.str.area,
-                              argp[idx].data.str.data);
-                       trash.area[argp[idx].data.str.data] = 0;
-                       if (inet_pton(AF_INET6, trash.area, &argp[idx].data.ipv6))
+                       if (inet_pton(AF_INET6, argp[idx].data.str.area, &argp[idx].data.ipv6))
                                WILL_LJMP(luaL_argerror(L, first + idx, "invalid IPv6 address"));
                        argp[idx].type = ARGT_IPV6;
                        break;
@@ -781,10 +760,7 @@ __LJMP int hlua_lua2arg_check(lua_State *L, int first, struct arg *argp,
                        if (argp[idx].type == ARGT_SINT)
                                len2mask6(argp[idx].data.sint, &argp[idx].data.ipv6);
                        else if (argp[idx].type == ARGT_STR) {
-                               memcpy(trash.area, argp[idx].data.str.area,
-                                      argp[idx].data.str.data);
-                               trash.area[argp[idx].data.str.data] = 0;
-                               if (!str2mask6(trash.area, &argp[idx].data.ipv6))
+                               if (!str2mask6(argp[idx].data.str.area, &argp[idx].data.ipv6))
                                        WILL_LJMP(luaL_argerror(L, first + idx, "invalid IPv6 mask"));
                        }
                        else
Mirror of https://github.com/haproxy/haproxy.git