BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr
When a stick counter is fetched, it is important that the requested counter does
not exceed (MAX_SESS_STKCTR -1). Actually, there is no bug with a default build
because, by construction, MAX_SESS_STKCTR is defined to 3 and we know that we
never exceed the max value. scN_* sample fetches are numbered from 0 to 2. For
other sample fetches, the value is tested.
But there is a bug if MAX_SESS_STKCTR is set to a lower value. For instance
1. In this case the counters sc1_* and sc2_* may be undefined.
This patch fixes the issue #330. It must be backported as far as 1.7.
(cherry picked from commit a9fa88a1eac9bd0ad2cfb761c4b69fd500a1b056)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/stick_table.c b/src/stick_table.c
index 8528baa..a2ff3bf 100644
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -2148,8 +2148,6 @@
if (num == '_' - '0') {
/* sc_* variant, args[0] = ctr# (mandatory) */
num = args[arg++].data.sint;
- if (num >= MAX_SESS_STKCTR)
- return NULL;
}
else if (num > 9) { /* src_* variant, args[0] = table */
struct stktable_key *key;
@@ -2180,7 +2178,10 @@
* the sc[0-9]_ form, or even higher using sc_(num) if needed.
* args[arg] is the first optional argument. We first lookup the
* ctr form the stream, then from the session if it was not there.
+ * But we must be sure the counter does not exceed MAX_SESS_STKCTR.
*/
+ if (num >= MAX_SESS_STKCTR)
+ return NULL;
if (strm)
stkptr = &strm->stkctr[num];