From: Willy Tarreau Date: Tue, 17 Sep 2024 17:22:28 +0000 (+0200) Subject: BUG/MINOR: cfgparse: detect incorrect overlap of same backend names X-Git-Tag: v3.1-dev8~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c70906c8a1d262194e416c0094e5eba8f30ba7c9;p=thirdparty%2Fhaproxy.git BUG/MINOR: cfgparse: detect incorrect overlap of same backend names As reported below, it's possible to declare a backend then a proxy with the same name, because for the proxy we check a frontend capability (the first one to be tested): backend b listen b bind :8888 Let's check the two capabilities in this case and not just the frontend. Better not backport this, as there's a risk of breakage of existing setups that work by accident. It might make sense to report them as diag warnings though. Link: https://www.mail-archive.com/haproxy@formilux.org/msg45185.html --- diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index 3109516169..da1bc336ed 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -271,8 +271,15 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) err_code |= ERR_ALERT | ERR_FATAL; } - curproxy = (rc & PR_CAP_FE) ? proxy_fe_by_name(args[1]) : proxy_be_by_name(args[1]); + curproxy = NULL; + if (rc & PR_CAP_FE) + curproxy = proxy_fe_by_name(args[1]); + + if (!curproxy && (rc & PR_CAP_BE)) + curproxy = proxy_be_by_name(args[1]); + if (curproxy) { + /* same capability in common: always forbidden */ ha_alert("Parsing [%s:%d]: %s '%s' has the same name as %s '%s' declared at %s:%d.\n", file, linenum, proxy_cap_str(rc), args[1], proxy_type_str(curproxy), curproxy->id, curproxy->conf.file, curproxy->conf.line);