CCing Thierry.
On Tue, Aug 21, 2018 at 11:57:52PM -0400, Patrick Hemmer wrote:
> There is a bug in the current stable haproxy (1.8.13) where the LUA
> function txn:get_priv() is returning data stored from other
> transactions. This was discovered as we have code that triggers on
> certain requests, and it was triggering on requests it should not have been.
>
> You can reproduce with this config:
> global
>     lua-load haproxy.lua
>
> defaults
>     mode http
>
> frontend f1
>     bind :8000
>     default_backend b1
>     http-request lua.test
>
> backend b1
>     http-request use-service lua.fakeserv
>
> And this lua file:
> core.register_action("test", { "http-req" }, function(txn)
>     data = txn:get_priv()
>     if not data then
>         data = 0
>     end
>     data = data + 1
>     print(string.format("set to %d", data))
>     txn:set_priv(data)
> end)
>
> core.register_service("fakeserv", "http", function(applet)
>     applet:set_status(200)
>     applet:start_response()
> end)
>
> And this curl command:
> curl http://localhost:8000 http://localhost:8000
>
> Which provides this output:
> set to 1
> set to 2
>
>
>
> Version information:
> HA-Proxy version 1.8.13 2018/07/30
> Copyright 2000-2018 Willy Tarreau <[email protected]>
>
> Build options :
> TARGET = osx
> CPU = generic
> CC = gcc
> CFLAGS = -O0 -g -fno-strict-aliasing
> -Wdeclaration-after-statement -fwrapv -fno-strict-overflow
> -Wno-address-of-packed-member -Wno-null-dereference -Wno-unused-label
> OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
>
> Default settings :
> maxconn = 2000, bufsize = 16384, maxrewrite = 1024,
> maxpollevents = 200
>
> Built with OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
> Running on OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
> Built with Lua version : Lua 5.3.4
> Built with transparent proxy support using:
> Encrypted password support via crypt(3): yes
> Built with PCRE version : 8.42 2018-03-20
> Running on PCRE version : 8.42 2018-03-20
> PCRE library supports JIT : no (USE_PCRE_JIT not set)
> Built with zlib version : 1.2.11
> Running on zlib version : 1.2.11
> Compression algorithms supported : identity("identity"),
> deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
> Built with network namespace support.
>
> Available polling systems :
> kqueue : pref=300, test result OK
> poll : pref=200, test result OK
> select : pref=150, test result OK
> Total: 3 (3 usable), will use kqueue.
>
> Available filters :
> [SPOE] spoe
> [COMP] compression
> [TRACE] trace
>
>
> -Patrick