commit 9faebe34cdbf3fcc0e23936aefbbdfa493997b12
author Willy Tarreau <w@1wt.eu> Fri Jun 07 19:00:37 2019 +0200
committer Willy Tarreau <w@1wt.eu> Fri Jun 07 19:32:02 2019 +0200
tree 5b0fd4fbcf658d7e4596e8bc6640d13dc2ba9141
parent b65717fa55fe01e9972e7c809c775d948922a03c

MEDIUM: tools: improve time format error detection

As reported in GH issue #109 and in discourse issue
https://discourse.haproxy.org/t/haproxy-returns-408-or-504-error-when-timeout-client-value-is-every-25d
the time parser doesn't error on overflows nor underflows. This is a
recurring problem which additionally has the bad taste of taking a long
time before hitting the user.

This patch makes parse_time_err() return special error codes for overflows
and underflows, and adds the control in the call places to report suitable
errors depending on the requested unit. In practice, underflows are almost
never returned as the parsing function takes care of rounding values up,
so this might possibly happen on 64-bit overflows returning exactly zero
after rounding though. It is not really possible to cut the patch into
pieces as it changes the function's API, hence all callers.

Tests were run on about every relevant part (cookie maxlife/maxidle,
server inter, stats timeout, timeout*, cli's set timeout command,
tcp-request/response inspect-delay).

src/proto_tcp.c

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 51d10a5..64ffb83 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1816,7 +1816,17 @@
 	}
 
 	ptr = parse_time_err(args[cur_arg + 1], &timeout, TIME_UNIT_MS);
-	if (ptr) {
+	if (ptr == PARSE_TIME_OVER) {
+		memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
+			  args[cur_arg+1], args[cur_arg]);
+		return ERR_ALERT | ERR_FATAL;
+	}
+	else if (ptr == PARSE_TIME_UNDER) {
+		memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
+			  args[cur_arg+1], args[cur_arg]);
+		return ERR_ALERT | ERR_FATAL;
+	}
+	else if (ptr) {
 		memprintf(err, "'%s' : expects a positive delay in milliseconds", args[cur_arg]);
 		return ERR_ALERT | ERR_FATAL;
 	}
@@ -1891,7 +1901,17 @@
 	}
 
 	ptr = parse_time_err(args[*cur_arg + 1], &timeout, TIME_UNIT_MS);
-	if (ptr) {
+	if (ptr == PARSE_TIME_OVER) {
+		memprintf(err, "timer overflow in argument '%s' to '%s' (maximum value is 2147483647 ms or ~24.8 days)",
+			  args[*cur_arg+1], args[*cur_arg]);
+		return ERR_ALERT | ERR_FATAL;
+	}
+	else if (ptr == PARSE_TIME_UNDER) {
+		memprintf(err, "timer underflow in argument '%s' to '%s' (minimum non-null value is 1 ms)",
+			  args[*cur_arg+1], args[*cur_arg]);
+		return ERR_ALERT | ERR_FATAL;
+	}
+	else if (ptr) {
 		memprintf(err, "'%s' : expects a positive delay in milliseconds", args[*cur_arg]);
 		return ERR_ALERT | ERR_FATAL;
 	}