Hi there,

I just started some testing with haproxy 2.0 and noticed something that
I guess could be considered a regression? Not sure, I also may have
missed something in the release announcements or such. 
Anyways: we use the control socket to dynamically update ACLs. With
haproxy 2.0, escaped spaces in ACL patterns are no longer recognized.
Here is an example from a recent 2.0 repo build:

$ ../haproxy-2.0/haproxy -v
HA-Proxy version 2.0.5-4db294-10 2019/08/26 - https://haproxy.org/
$ ../haproxy-2.0/haproxy -f ./min.cfg &
[1] 4128
<5>Proxy http-in started.
$ echo 'show acl tarpit-ua.lst' | socat - /tmp/haproxy.sock

$ echo 'add acl tarpit-ua.lst spaces\ test' | socat - /tmp/haproxy.sock

$ echo 'show acl tarpit-ua.lst' | socat - /tmp/haproxy.sock
0x7f3d3c01f960 spaces

I think you get the idea, but happy to supply more details. Looking at
the code (cli.c), it seems to me that this never got implemented (in
the rewrite?). This worked fine before and I dare say it is a tad
dangerous, because it might silently shorten your regular expressions
to match _a lot_ of user agents :)

More for illustrative purposes than anything else I attached a patch
that fixes the issue for me (against 2.0 repo). However, I have not yet
spent a lot of time with the 2.0 code base, so I'll leave it up to you
to judge the quality thereof. No offense taken if you'd rather
implement this differently. However, also happy to work on it with some
pointers to the right direction.

I hope I am not just missing something really obvious here :)

As usual, thanks for all the fish,
Conrad
-- 
Conrad Hoffmann
Systems and Traffic Engineering

SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany

Managing Director: Artem Fishman | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office | AG
Charlottenburg  | HRB 110657B  
diff --git a/src/cli.c b/src/cli.c
index 9a9f80f9..43550067 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -533,8 +533,11 @@ static int cli_parse_request(struct appctx *appctx)
 			break;
 
 		args[i] = p;
-		p += strcspn(p, " \t");
-		*p++ = 0;
+		do {
+			/* skip to next unescaped space, also accounting for potential '// ' */
+			p += strcspn(p, " \t") + 1;
+		} while ((p > appctx->chunk->area + 2) && *(p-2) == '\\' && *(p-3) != '\\');
+		*(p - 1) = 0;
 
 		/* unescape backslashes (\) */
 		for (j = 0, k = 0; args[i][k]; k++) {

Reply via email to