[BUG] acl-related keywords are not allowed in defaults sections
Using an ACL-related keyword in the defaults section causes a
segfault during parsing because the list headers are not initialized.
We must initialize the list headers for the default instance and reject
keywords relying on ACLs in the defaults section.
(cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4)
(cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 893557a..a5f49ac 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -538,6 +538,13 @@
defproxy.maxconn = cfg_maxpconn;
defproxy.conn_retries = CONN_RETRIES;
defproxy.logfac1 = defproxy.logfac2 = -1; /* log disabled */
+
+ LIST_INIT(&defproxy.pendconns);
+ LIST_INIT(&defproxy.acl);
+ LIST_INIT(&defproxy.block_cond);
+ LIST_INIT(&defproxy.mon_fail_cond);
+ LIST_INIT(&defproxy.switching_rules);
+
proxy_reset_timeouts(&defproxy);
}
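Review bot: The five `LIST_INIT` calls form a hand-kept list with nothing tying them to the list heads declared in the proxy structure, so a list head added later and left out here would bring back the same parse-time crash. I would add a comment above them, `/* every list head of the proxy struct must be initialized here: keyword parsers may touch them while in 'defaults' */`, and confirm against the structure definition (not visible in this hunk) that no other list head is missed. Since the crash is reachable from a configuration file alone, a regression config that places each ACL-related keyword under `defaults` would keep this path covered. The enclosing function starts outside the hunk.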
@@ -864,6 +871,11 @@
curproxy->state = PR_STNEW;
}
else if (!strcmp(args[0], "acl")) { /* add an ACL */
+ if (curproxy == &defproxy) {
+ Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+ return -1;
+ }
+
err = invalid_char(args[1]);
if (err) {
Alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n",
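Review bot: The same four-line guard is pasted into four keyword handlers (here for `acl`, and again in the hunks at new lines 1086, 1208 and 1518), which makes the protection a per-keyword denylist. Any ACL-using handler that lacks the check would silently accept its keyword in `defaults`. A small helper would keep the message and return value uniform and make a missing call easy to spot in review. The parameter types in the sketch below are assumed from the call sites, and the `acl` branch continues past the end of this hunk.

```c
/* Emits an alert and returns 1 when <kw> is used in the 'defaults' section, else returns 0. */
static int reject_in_defaults(const struct proxy *px, const char *file, int linenum, const char *kw)
{
	if (px != &defproxy)
		return 0;
	Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, kw);
	return 1;
}

else if (!strcmp(args[0], "acl")) {  /* add an ACL */
	if (reject_in_defaults(curproxy, file, linenum, args[0]))
		return -1;
	/* … unchanged: invalid_char() check on the ACL name … */
```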
@@ -1074,6 +1086,11 @@
int pol = ACL_COND_NONE;
struct acl_cond *cond;
+ if (curproxy == &defproxy) {
+ Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+ return -1;
+ }
+
if (!strcmp(args[1], "if"))
pol = ACL_COND_IF;
else if (!strcmp(args[1], "unless"))
@@ -1191,6 +1208,11 @@
struct acl_cond *cond;
struct switching_rule *rule;
+ if (curproxy == &defproxy) {
+ Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+ return -1;
+ }
+
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
return 0;
@@ -1496,6 +1518,11 @@
}
}
else if (!strcmp(args[0], "monitor")) {
+ if (curproxy == &defproxy) {
+ Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+ return -1;
+ }
+
if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
return 0;