From: Willy Tarreau <w@1wt.eu>
Date: Mon, 16 Apr 2012 13:00:51 +0000 (+0200)
Subject: BUG/MINOR: http_auth: ACLs are volatile, not permanent
X-Git-Tag: v1.5-dev9~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7744e0cf43f73b9bb049aaa5dec423d40b96afb0;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http_auth: ACLs are volatile, not permanent

ACLs are volatile since they require a fetch of request buffer data which is
then copied to a temporary shared place. The issue is minor though since auth
is generally checked very early.
---

diff --git a/src/proto_http.c b/src/proto_http.c
index ba8604f4ba..e898f9eb50 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -8431,8 +8431,8 @@ static struct acl_kw_list acl_kws = {{ },{
 	{ "path_dom",   acl_parse_str,   acl_fetch_path,   acl_match_dom, ACL_USE_L7REQ_VOLATILE },
 	{ "path_len",   acl_parse_int,   acl_fetch_path,   acl_match_len, ACL_USE_L7REQ_VOLATILE },
 
-	{ "http_auth",       acl_parse_nothing, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_PERMANENT },
-	{ "http_auth_group", acl_parse_strcat,  acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_PERMANENT },
+	{ "http_auth",       acl_parse_nothing, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_VOLATILE },
+	{ "http_auth_group", acl_parse_strcat,  acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_VOLATILE },
 	{ "http_first_req",  acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT },
 	{ NULL, NULL, NULL, NULL },
 }};