MINOR: tree-wide: add missing TAINTED flags for some experimental directives
authorWilly Tarreau <w@1wt.eu>
Fri, 17 Oct 2025 15:57:40 +0000 (17:57 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 17 Oct 2025 17:00:21 +0000 (19:00 +0200)
We normally taint the process when using experimental directives, but
a handful of places were missed so we don't always know that they are
in use. Let's fix these places (hint for future directives, just look
for places checking for "experimental_directives_allowed", and add
"mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);").

src/acme.c
src/cfgparse-global.c
src/cfgparse-quic.c
src/cfgparse-ssl.c
src/server.c

index 816de1e28dbf55620d6d799e36c1e5543d33fc79..851aede88e2baf9421b9f7c561ced5c734999570 100644 (file)
@@ -264,6 +264,7 @@ static int cfg_parse_acme(const char *file, int linenum, char **args, int kwm)
                err_code |= ERR_ALERT | ERR_FATAL;
                goto out;
        }
+       mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
 
        if (strcmp(args[0], "acme") == 0) {
                struct acme_cfg *tmp_acme = acme_cfgs;
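Review bot: The taint remains a separate statement that every parser must remember to place after its experimental gate, which is the pattern that let these sites be missed; here it follows what is presumably the `experimental_directives_allowed` check closing just above, though the check itself is outside the hunk. Folding gate and taint into one helper would stop a future directive from passing the gate without being recorded, for example a function (name to be chosen) whose body is `if (!experimental_directives_allowed) return 0;` followed by `mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED); return 1;`. The same applies to the hunks in src/cfgparse-global.c, src/cfgparse-quic.c, src/cfgparse-ssl.c and src/server.c. Going by the commit message, the taint is how maintainers learn that experimental code was in use, so a silent omission weakens later triage.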
index 79005384cc741ff3645e41ae435129787edd5204..4a9bcf000453bd6dc4ab0ec01b095f4bce98feb9 100644 (file)
@@ -1613,6 +1613,7 @@ static int cfg_parse_global_shm_stats_file(char **args, int section_type,
                return -1;
        }
 
+       mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
        global.shm_stats_file = strdup(args[1]);
        return 0;
 }
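Review bot: The result of `strdup(args[1])` is stored and the function returns 0 without checking it, so an allocation failure leaves `global.shm_stats_file` NULL while the parser reports success and the process is already marked tainted. A check such as `if (!global.shm_stats_file) return -1;` before the `return 0;` would surface the failure at parse time. If the function takes the usual `err` argument (its signature is cut off in the hunk header), an out-of-memory message should be set there as well. The function body starts outside the hunk, so any earlier validation of `args[1]` cannot be confirmed from here.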
@@ -1636,6 +1637,7 @@ static int cfg_parse_global_shm_stats_file_max_objects(char **args, int section_
                return -1;
        }
 
+       mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
        shm_stats_file_max_objects = atoi(args[1]);
        return 0;
 }
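Review bot: `atoi(args[1])` cannot report bad input: a non-numeric value silently becomes 0 and an out-of-range one is undefined behaviour, yet the function returns 0 immediately afterwards. Parsing with `strtol()` would fix this, rejecting the value when the end pointer equals `args[1]`, when trailing characters remain, or when the result is outside the range accepted for `shm_stats_file_max_objects`. Since this value presumably sizes a shared object table, a typo should fail the configuration rather than produce a zero or negative limit. The variable's type and its valid range are not visible in this hunk, and the function starts outside it.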
index d7c027c28ad5f8d839986f030e2bfdebfec19098..dd12cfe7664927d2fe03efbd7e8e34d3b17c4bb3 100644 (file)
@@ -125,6 +125,7 @@ static int bind_parse_quic_cc_algo(char **args, int cur_arg, struct proxy *px,
                algo = QUIC_CC_NO_CC_STR;
                *cc_algo = quic_cc_algo_nocc;
                arg += strlen(QUIC_CC_NO_CC_STR);
+               mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
        }
        else {
                memprintf(err, "'%s' : unknown control congestion algorithm", args[cur_arg + 1]);
index 8dc92317278f1ed961d8fb49a7c3317856a9e425..29780978075d899eefdbfc7dc8886e0103ff505f 100644 (file)
@@ -895,6 +895,7 @@ static int ssl_bind_parse_ktls(char **args, int cur_arg, struct proxy *px, struc
                          args[cur_arg], args[cur_arg + 1]);
                return ERR_ALERT | ERR_FATAL;
        }
+       mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
        return 0;
 
 }
@@ -1958,6 +1959,7 @@ static int srv_parse_ktls(char **args, int *cur_arg, struct proxy *px, struct se
                          args[*cur_arg], args[*cur_arg + 1]);
                return ERR_ALERT | ERR_FATAL;
        }
+       mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
        return 0;
 }
 
index 24f0c469272a75f0d67f90b393a0a700675113f6..0411eb4a31abe7f72f686adc79318fb789ac471d 100644 (file)
@@ -3701,6 +3701,7 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg,
                                goto out;
                        }
 
+                       mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
                        newsrv->xprt = xprt_get(XPRT_QUIC);
                        quic_transport_params_init(&newsrv->quic_params, 0);
                }