BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets HTTP applets request requires everything initilized by "http_process_request" (analyzer flag AN_REQ_HTTP_INNER). The applet will be immediately initilized, but its before the call of this analyzer. Due to this problem HTTP applets could be called with uncompletely initialized http_txn. This fix must be backported to 1.6.

commit: 718e2a73a2f919f921b0dc4b0e46727718256831 [log] [tgz]
author: Thierry FOURNIER <tfournier@arpalert.org> Sun Dec 20 20:13:14 2015 +0100
committer: Willy Tarreau <w@1wt.eu> Sun Dec 20 23:13:01 2015 +0100
tree: 2e7292eee730f309126544c93ff2194768704f60
parent: d93ea2b603f4ecae2c8139deb9483e7c9d4ffc17 [diff]
diff --git a/src/hlua.c b/src/hlua.c
index b399b26..6260533 100644
--- a/src/hlua.c
+++ b/src/hlua.c

@@ -6062,6 +6062,17 @@
 {
 	struct hlua_function *fcn = (struct hlua_function *)rule->kw->private;
 
+	/* HTTP applets are forbidden in tcp-request rules.
+	 * HTTP applet request requires everything initilized by
+	 * "http_process_request" (analyzer flag AN_REQ_HTTP_INNER).
+	 * The applet will be immediately initilized, but its before
+	 * the call of this analyzer.
+	 */
+	if (rule->from != ACT_F_HTTP_REQ) {
+		memprintf(err, "HTTP applets are forbidden from 'tcp-request' rulesets");
+		return ACT_RET_PRS_ERR;
+	}
+
 	/* Memory for the rule. */
 	rule->arg.hlua_rule = calloc(1, sizeof(*rule->arg.hlua_rule));
 	if (!rule->arg.hlua_rule) {
commit	718e2a73a2f919f921b0dc4b0e46727718256831	[log] [tgz]
author	Thierry FOURNIER <tfournier@arpalert.org>	Sun Dec 20 20:13:14 2015 +0100
committer	Willy Tarreau <w@1wt.eu>	Sun Dec 20 23:13:01 2015 +0100
tree	2e7292eee730f309126544c93ff2194768704f60
parent	d93ea2b603f4ecae2c8139deb9483e7c9d4ffc17 [diff]