From: Remi Tricot-Le Breton Date: Wed, 23 Dec 2020 17:13:45 +0000 (+0100) Subject: MINOR: cache: Avoid storing responses whose secondary key was not correctly calculated X-Git-Tag: v2.4-dev5~50 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b5c5cbef6bfac8effa6afa7e3a49d215d3cc60a;p=thirdparty%2Fhaproxy.git MINOR: cache: Avoid storing responses whose secondary key was not correctly calculated If any of the secondary hash normalizing functions raises an error, the secondary hash will be unusable. In this case, the response will not be stored anymore. --- diff --git a/include/haproxy/http_ana-t.h b/include/haproxy/http_ana-t.h index f41a593af3..bb1b75067c 100644 --- a/include/haproxy/http_ana-t.h +++ b/include/haproxy/http_ana-t.h @@ -64,7 +64,7 @@ #define TX_CON_WANT_TUN 0x00008000 /* Will be a tunnel (CONNECT or 101-Switching-Protocol) */ -/* unused 0x00010000 */ +#define TX_CACHE_HAS_SEC_KEY 0x00010000 /* secondary key building succedeed */ #define TX_USE_PX_CONN 0x00020000 /* Use "Proxy-Connection" instead of "Connection" */ diff --git a/src/cache.c b/src/cache.c index 8ef41b2992..ce69af4b5f 100644 --- a/src/cache.c +++ b/src/cache.c @@ -973,8 +973,13 @@ enum act_return http_action_store_cache(struct act_rule *rule, struct proxy *px, if (cache->vary_processing_enabled) { if (!http_check_vary_header(htx, &vary_signature)) goto out; - if (vary_signature) + if (vary_signature) { + /* If something went wrong during the secondary key + * building, do not store the response. */ + if (!(txn->flags & TX_CACHE_HAS_SEC_KEY)) + goto out; http_request_reduce_secondary_key(vary_signature, txn->cache_secondary_hash); + } } else if (http_find_header(htx, ist("Vary"), &ctx, 0)) { goto out; @@ -1677,7 +1682,7 @@ enum act_return http_action_req_cache_use(struct act_rule *rule, struct proxy *p shctx_unlock(shctx_ptr(cache)); /* In case of Vary, we could have multiple entries with the same - * primary hash. We need to calculate the secondary has in order + * primary hash. We need to calculate the secondary hash in order * to find the actual entry we want (if it exists). */ if (res->secondary_key_signature) { if (!http_request_build_secondary_key(s, res->secondary_key_signature)) { @@ -2164,7 +2169,10 @@ static int http_request_build_secondary_key(struct stream *s, int vary_signature } } - return retval; + if (retval >= 0) + txn->flags |= TX_CACHE_HAS_SEC_KEY; + + return (retval < 0); } /*