BUG: LUA txn:get_priv() scoped to connection, not transaction

Tue, 21 Aug 2018 20:59:17 -0700 

There is a bug in the current stable haproxy (1.8.13) where the LUA
function txn:get_priv() is returning data stored from other
transactions. This was discovered as we have code that triggers on
certain requests, and it was triggering on requests it should not have been.

You can reproduce with this config:
    global
        lua-load haproxy.lua

    defaults
        mode http

    frontend f1
        bind :8000
        default_backend b1
        http-request lua.test

    backend b1
        http-request use-service lua.fakeserv

And this lua file:
    core.register_action("test", { "http-req" }, function(txn)
        data = txn:get_priv()
        if not data then
            data = 0
        end
        data = data + 1
        print(string.format("set to %d", data))
        txn:set_priv(data)
    end)

    core.register_service("fakeserv", "http", function(applet)
        applet:set_status(200)
        applet:start_response()
    end)

And this curl command:
    curl http://localhost:8000 http://localhost:8000

Which provides this output:
    set to 1
    set to 2



Version information:
    HA-Proxy version 1.8.13 2018/07/30
    Copyright 2000-2018 Willy Tarreau <[email protected]>

    Build options :
        TARGET  = osx
        CPU     = generic
        CC      = gcc
        CFLAGS  = -O0 -g -fno-strict-aliasing
-Wdeclaration-after-statement -fwrapv -fno-strict-overflow
-Wno-address-of-packed-member -Wno-null-dereference -Wno-unused-label
        OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1

    Default settings :
        maxconn = 2000, bufsize = 16384, maxrewrite = 1024,
maxpollevents = 200

    Built with OpenSSL version : OpenSSL 1.1.0h  27 Mar 2018
    Running on OpenSSL version : OpenSSL 1.1.0h  27 Mar 2018
    OpenSSL library supports TLS extensions : yes
    OpenSSL library supports SNI : yes
    OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
    Built with Lua version : Lua 5.3.4
    Built with transparent proxy support using:
    Encrypted password support via crypt(3): yes
    Built with PCRE version : 8.42 2018-03-20
    Running on PCRE version : 8.42 2018-03-20
    PCRE library supports JIT : no (USE_PCRE_JIT not set)
    Built with zlib version : 1.2.11
    Running on zlib version : 1.2.11
    Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
    Built with network namespace support.

    Available polling systems :
             kqueue : pref=300,  test result OK
                 poll : pref=200,  test result OK
             select : pref=150,  test result OK
    Total: 3 (3 usable), will use kqueue.

    Available filters :
        [SPOE] spoe
        [COMP] compression
        [TRACE] trace


-Patrick

Reply via email to