haproxy.spec
_service:download_files:haproxy-1.5.17.tar.gz/CHANGELOG
@@ -1,6 +1,70 @@
ChangeLog :
===========
+2016/04/13 : 1.5.17
+ - BUG/MINOR: log: Don't use strftime() which can clobber timezone if chrooted
+ - BUG/MINOR: conf: "listener id" expects integer, but its not checked
+ - BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers
+ - DOC: "addr" parameter applies to both health and agent checks
+ - DOC: timeout client: pointers to timeout http-request
+ - DOC: typo on stick-store response
+ - DOC: typo: ACL subdir match
+ - DOC: typo: maxconn paragraph is wrong due to a wrong buffer size
+ - DOC: typo: req.uri is now replaced by capture.req.uri
+ - DOC: fix "needed" typo
+ - BUG/MINOR : allow to log cookie for tarpit and denied request
+ - BUG/MAJOR: channel: fix miscalculation of available buffer space (2nd try)
+ - DOC: fix discrepancy in the example for http-request redirect
+
+2016/03/14 : 1.5.16
+ - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
+ - BUG/MINOR: acl: don't use record layer in req_ssl_ver
+ - BUG: http: do not abort keep-alive connections on server timeout
+ - BUG/MEDIUM: http: switch the request channel to no-delay once done.
+ - MINOR: config: extend the default max hostname length to 64 and beyond
+ - BUG/MEDIUM: http: don't enable auto-close on the response side
+ - BUG/MEDIUM: stream: fix half-closed timeout handling
+ - BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
+ - BUILD: freebsd: double declaration
+ - BUG/MEDIUM: sample: urlp can't match an empty value
+ - BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
+ - BUG/MEDIUM: peers: old stick table updates could be repushed.
+ - CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
+ - BUG/MINOR: chunk: make chunk_dup() always check and set dst->size
+ - MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
+ - MINOR: chunks: add chunk_strcat() and chunk_newstr()
+ - MINOR: chunk: make chunk_initstr() take a const string
+ - BUG/MEDIUM: config: Adding validation to stick-table expire value.
+ - BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week
+ - BUG/MEDIUM: channel: fix miscalculation of available buffer space.
+ - BUG/MINOR: stream: don't force retries if the server is DOWN
+ - MINOR: unix: don't mention free ports on EAGAIN
+ - BUG/CLEANUP: CLI: report the proper field states in "show sess"
+ - MINOR: stats: send content-length with the redirect to allow keep-alive
+ - BUG: stream_interface: Reuse connection even if the output channel is empty
+ - DOC: remove old tunnel mode assumptions
+ - DOC: add server name at rate-limit sessions example
+ - BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
+ - BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
+ - BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly
+ - BUG/MINOR: http: Be sure to process all the data received from a server
+ - BUG/MEDIUM: chunks: always reject negative-length chunks
+ - BUG/MINOR: systemd: ensure we don't miss signals
+ - BUG/MINOR: systemd: report the correct signal in debug message output
+ - BUG/MINOR: systemd: propagate the correct signal to haproxy
+ - MINOR: systemd: ensure a reload doesn't mask a stop
+ - CLEANUP: stats: Avoid computation with uninitialized bits.
+ - CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
+ - CLEANUP: map: Avoid memory leak in out-of-memory condition.
+ - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port
+ - BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs
+ - MINOR: cfgparse: warn when uid parameter is not a number
+ - MINOR: cfgparse: warn when gid parameter is not a number
+ - BUG/MINOR: standard: Avoid free of non-allocated pointer
+ - BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition
+ - CLEANUP: http: fix a build warning introduced by a recent fix
+ - BUG/MINOR: log: GMT offset not updated when entering/leaving DST
+
2015/11/01 : 1.5.15
- BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
- DOC: usesrc root privileges requirements
_service:download_files:haproxy-1.5.17.tar.gz/CONTRIBUTING
@@ -626,14 +626,14 @@
$ git show master..
And once you're satisfied, you should update your master branch to be sure that
-nothing changed during your work (only neede if you left it unattended for days
+nothing changed during your work (only needed if you left it unattended for days
or weeks) :
$ git checkout -b 20150920-fix-stats-rebased
$ git fetch origin master:master
$ git rebase master
-They can build a list of patches ready for submission like this :
+You can build a list of patches ready for submission like this :
$ git format-patch master
_service:download_files:haproxy-1.5.17.tar.gz/Makefile
@@ -719,10 +719,9 @@
install -m 644 doc/$$x.txt "$(DESTDIR)$(DOCDIR)" ; \
done
-install-bin: haproxy haproxy-systemd-wrapper
+install-bin: haproxy $(EXTRA)
install -d "$(DESTDIR)$(SBINDIR)"
- install haproxy "$(DESTDIR)$(SBINDIR)"
- install haproxy-systemd-wrapper "$(DESTDIR)$(SBINDIR)"
+ install haproxy $(EXTRA) "$(DESTDIR)$(SBINDIR)"
install: install-bin install-man install-doc
_service:download_files:haproxy-1.5.17.tar.gz/README
@@ -1,9 +1,9 @@
----------------------
HAProxy how-to
----------------------
- version 1.5.15
+ version 1.5
willy tarreau
- 2015/11/01
+ 2016/04/13
1) How to build it
_service:download_files:haproxy-1.5.17.tar.gz/VERDATE
@@ -1,2 +1,2 @@
$Format:%ci$
-2015/11/01
+2016/04/13
_service:download_files:haproxy-1.5.17.tar.gz/VERSION
@@ -1 +1 @@
-1.5.15
+1.5.17
_service:download_files:haproxy-1.5.17.tar.gz/doc/configuration.txt
@@ -2,9 +2,9 @@
HAProxy
Configuration Manual
----------------------
- version 1.5.15
+ version 1.5
willy tarreau
- 2015/11/01
+ 2016/04/13
This document covers the configuration language as implemented in the version
@@ -2267,11 +2267,11 @@
of complex combinations of "Set-cookie" and "Cache-control"
headers is left to the application. The application can then
decide whether or not it is appropriate to emit a persistence
- cookie. Since all responses should be monitored, this mode only
- works in HTTP close mode. Unless the application behaviour is
- very complex and/or broken, it is advised not to start with this
- mode for new deployments. This keyword is incompatible with
- "insert" and "prefix".
+ cookie. Since all responses should be monitored, this mode
+ doesn't work in HTTP tunnel mode. Unless the application
+ behaviour is very complex and/or broken, it is advised not to
+ start with this mode for new deployments. This keyword is
+ incompatible with "insert" and "prefix".
insert This keyword indicates that the persistence cookie will have to
be inserted by haproxy in server responses if the client did not
@@ -2297,7 +2297,7 @@
and a delimiter. The prefix will be removed from all client
requests so that the server still finds the cookie it emitted.
Since all requests and responses are subject to being modified,
- this mode requires the HTTP close mode. The "prefix" keyword is
+ this mode doesn't work with tunnel mode. The "prefix" keyword is
not compatible with "rewrite" and "insert". Note: it is highly
recommended not to use "indirect" with "prefix", otherwise server
cookie updates would not be sent to clients.
@@ -3550,10 +3550,10 @@
very high so that haproxy manages connection queues, instead of leaving the
clients with unanswered connection attempts. This value should not exceed the
global maxconn. Also, keep in mind that a connection contains two buffers
- of 8kB each, as well as some other data resulting in about 17 kB of RAM being
- consumed per established connection. That means that a medium system equipped
- with 1GB of RAM can withstand around 40000-50000 concurrent connections if
- properly tuned.
+ of tune.bufsize (16kB by default) each, as well as some other data resulting
+ in about 33 kB of RAM being consumed per established connection. That means
+ that a medium system equipped with 1GB of RAM can withstand around
+ 20000-25000 concurrent connections if properly tuned.
Also, when <conns> is set to large values, it is possible that the servers
are not sized to accept such loads, and for this reason it is generally wise
@@ -4363,11 +4363,9 @@
By setting this option in a frontend, haproxy can automatically switch to use
that non-standard header if it sees proxied requests. A proxied request is
- defined here as one where the URI begins with neither a '/' nor a '*'. The
- choice of header only affects requests passing through proxies making use of
- one of the "httpclose", "forceclose" and "http-server-close" options. Note
- that this option can only be specified in a frontend and will affect the
- request along its whole life.
+ defined here as one where the URI begins with neither a '/' nor a '*'. This
+ is incompatible with the HTTP tunnel mode. Note that this option can only be
+ specified in a frontend and will affect the request along its whole life.
Also, when this option is set, a request which requires authentication will
automatically switch to use proxy authentication headers if it is itself a
@@ -4516,10 +4514,8 @@
No host address resolution is performed, so this only works when pure IP
addresses are passed. Since this option's usage perimeter is rather limited,
- it will probably be used only by experts who know they need exactly it. Last,
- if the clients are susceptible of sending keep-alive requests, it will be
- needed to add "option httpclose" to ensure that all requests will correctly
- be analyzed.
+ it will probably be used only by experts who know they need exactly it. This
+ is incompatible with the HTTP tunnel mode.
If this option has been enabled in a "defaults" section, it can be disabled
in a specific instance by prepending the "no" keyword before it.
@@ -5399,7 +5395,7 @@
mode tcp
bind :25
rate-limit sessions 10
- server 127.0.0.1:1025
+ server smtp1 127.0.0.1:1025
Note : when the maximum rate is reached, the frontend's status is not changed
but its sockets appear as "WAITING" in the statistics if the
@@ -5509,7 +5505,8 @@
redirect scheme https if !{ ssl_fc }
Example: append 'www.' prefix in front of all hosts not having it
- http-request redirect code 301 location www.%[hdr(host)]%[req.uri] \
+ http-request redirect code 301 location \
+ http://www.%[hdr(host)]%[capture.req.uri] \
unless { hdr_beg(host) -i www }
See section 7 about ACL usage.
@@ -7085,7 +7082,7 @@
stick store-response <pattern> [table <table>] [{if | unless} <condition>]
- Define a request pattern used to create an entry in a stickiness table
+ Define a response pattern used to create an entry in a stickiness table
May be used in sections : defaults | frontend | listen | backend
no | no | yes | yes
@@ -7789,8 +7786,10 @@
The inactivity timeout applies when the client is expected to acknowledge or
send data. In HTTP mode, this timeout is particularly important to consider
during the first phase, when the client sends the request, and during the
- response while it is reading data sent by the server. The value is specified
- in milliseconds by default, but can be in any other unit if the number is
+ response while it is reading data sent by the server. That said, for the
+ first phase, it is preferable to set the "timeout http-request" to better
+ protect HAProxy from Slowloris like attacks. The value is specified in
+ milliseconds by default, but can be in any other unit if the number is
suffixed by the unit, as specified at the top of this document. In TCP mode
(and to a lesser extent, in HTTP mode), it is highly recommended that the
client timeout remains equal to the server timeout in order to avoid complex
@@ -7812,7 +7811,8 @@
to use it to write new configurations. The form "timeout clitimeout" is
provided only by backwards compatibility but its use is strongly discouraged.
- See also : "clitimeout", "timeout server", "timeout tunnel".
+ See also : "clitimeout", "timeout server", "timeout tunnel",
+ "timeout http-request".
timeout client-fin <timeout>
@@ -8734,10 +8734,11 @@
addr <ipv4|ipv6>
Using the "addr" parameter, it becomes possible to use a different IP address
- to send health-checks. On some servers, it may be desirable to dedicate an IP
- address to specific component able to perform complex tests which are more
- suitable to health-checks than the application. This parameter is ignored if
- the "check" parameter is not set. See also the "port" parameter.
+ to send health-checks or to probe the agent-check. On some servers, it may be
+ desirable to dedicate an IP address to specific component able to perform
+ complex tests which are more suitable to health-checks than the application.
+ This parameter is ignored if the "check" parameter is not set. See also the
+ "port" parameter.
Supported in default-server: No
@@ -9795,7 +9796,7 @@
- suffix match (-m end) : the patterns are compared with the end of the
extracted string, and the ACL matches if any of them matches.
- - subdir match (-m sub) : the patterns are looked up inside the extracted
+ - subdir match (-m dir) : the patterns are looked up inside the extracted
string, delimited with slashes ("/"), and the ACL matches if any of them
matches.
@@ -12588,7 +12589,7 @@
spent accepting these connections will inevitably slightly delay processing
of other connections, and it can happen that request times in the order of
a few tens of milliseconds are measured after a few thousands of new
- connections have been accepted at once. Setting "option http-server-close"
+ connections have been accepted at once. Using one of the keep-alive modes
may display larger request times since "Tq" also measures the time spent
waiting for additional requests.
_service:download_files:haproxy-1.5.17.tar.gz/examples/haproxy.spec
@@ -1,6 +1,6 @@
Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments
Name: haproxy
-Version: 1.5.15
+Version: 1.5.17
Release: 1
License: GPL
Group: System Environment/Daemons
@@ -76,6 +76,12 @@
%attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/%{name}
%changelog
+* Wed Apr 13 2016 Willy Tarreau <w@1wt.eu>
+- updated to 1.5.17
+
+* Mon Mar 14 2016 Willy Tarreau <w@1wt.eu>
+- updated to 1.5.16
+
* Sun Nov 1 2015 Willy Tarreau <w@1wt.eu>
- updated to 1.5.15
_service:download_files:haproxy-1.5.17.tar.gz/include/common/chunk.h
@@ -66,7 +66,7 @@
static inline int chunk_initlen(struct chunk *chk, char *str, size_t size, int len)
{
- if (size && len > size)
+ if (len < 0 || (size && len > size))
return 0;
chk->str = str;
@@ -76,28 +76,70 @@
return 1;
}
-static inline void chunk_initstr(struct chunk *chk, char *str)
+/* this is only for temporary manipulation, the chunk is read-only */
+static inline void chunk_initstr(struct chunk *chk, const char *str)
{
- chk->str = str;
+ chk->str = (char *)str;
chk->len = strlen(str);
chk->size = 0; /* mark it read-only */
}
+/* copies str into <chk> followed by a trailing zero. Returns 0 in
+ * case of failure.
+ */
static inline int chunk_strcpy(struct chunk *chk, const char *str)
{
size_t len;
len = strlen(str);
- if (unlikely(len > chk->size))
+ if (unlikely(len >= chk->size))
return 0;
chk->len = len;
- memcpy(chk->str, str, len);
+ memcpy(chk->str, str, len + 1);
return 1;
}
+/* appends str after <chk> followed by a trailing zero. Returns 0 in
+ * case of failure.
+ */
+static inline int chunk_strcat(struct chunk *chk, const char *str)
+{
+ size_t len;
+
+ len = strlen(str);
+
+ if (unlikely(chk->len < 0 || chk->len + len >= chk->size))
+ return 0;
+
+ memcpy(chk->str + chk->len, str, len + 1);
+ chk->len += len;
+ return 1;
+}
+
+/* Adds a trailing zero to the current chunk and returns the pointer to the
+ * following part. The purpose is to be able to use a chunk as a series of
+ * short independant strings with chunk_* functions, which do not need to be
+ * released. Returns NULL if no space is available to ensure that the new
+ * string will have its own trailing zero. For example :
+ * chunk_init(&trash);
+ * pid = chunk_newstr(&trash);
+ * chunk_appendf(&trash, "%d", getpid()));
+ * name = chunk_newstr(&trash);
+ * chunk_appendf(&trash, "%s", gethosname());
+ * printf("hostname=<%s>, pid=<%d>\n", name, pid);
+ */
+static inline char *chunk_newstr(struct chunk *chk)
+{
+ if (chk->len < 0 || chk->len + 1 >= chk->size)
+ return NULL;
+
+ chk->str[chk->len++] = 0;
+ return chk->str + chk->len;
+}
+
static inline void chunk_drop(struct chunk *chk)
{
chk->str = NULL;
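Review bot: The new bounds checks in chunk_strcpy() and chunk_strcat() compare a `size_t` against `chk->size`, so if that field is a signed int (its declaration is outside this hunk) a negative size converts to a huge unsigned value and the check passes, letting memcpy() write past the buffer. The commit already guards against a negative `chk->len`; rejecting a non-positive size first, e.g. `if (unlikely(chk->size <= 0 || len >= (size_t)chk->size)) return 0;` in chunk_strcpy(), closes the same gap for the size field. Separately, the usage example in the chunk_newstr() comment is wrong as written: it has an extra `)`, spells `gethosname()`, and prints the `char *` pid with `%d` where `pid=<%s>` is needed.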
@@ -116,18 +158,28 @@
/*
* frees the destination chunk if already allocated, allocates a new string,
- * and copies the source into it. The pointer to the destination string is
- * returned, or NULL if the allocation fails or if any pointer is NULL..
+ * and copies the source into it. The new chunk will have extra room for a
+ * trailing zero unless the source chunk was actually full. The pointer to
+ * the destination string is returned, or NULL if the allocation fails or if
+ * any pointer is NULL.
*/
static inline char *chunk_dup(struct chunk *dst, const struct chunk *src)
{
- if (!dst || !src || !src->str)
+ if (!dst || !src || src->len < 0 || !src->str)
return NULL;
- if (dst->str)
+
+ if (dst->size)
free(dst->str);
dst->len = src->len;
- dst->str = (char *)malloc(dst->len);
+ dst->size = src->len;
+ if (dst->size < src->size || !src->size)
+ dst->size++;
+
+ dst->str = (char *)malloc(dst->size);
memcpy(dst->str, src->str, dst->len);
+ if (dst->len < dst->size)
+ dst->str[dst->len] = 0;
+
return dst->str;
}
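Review bot: The result of malloc() in chunk_dup() is passed straight to memcpy(), so an allocation failure dereferences NULL even though the header comment promises a NULL return in that case. `dst->len` and `dst->size` have already been set by then, which would leave a chunk that claims storage it does not have. Checking the pointer right after the allocation and resetting both fields before returning NULL keeps the documented contract.

```c
	dst->str = (char *)malloc(dst->size);
	if (!dst->str) {
		/* keep the chunk consistent: no storage, no length */
		dst->len = 0;
		dst->size = 0;
		return NULL;
	}
	/* … unchanged: memcpy, trailing zero, return dst->str … */
```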
_service:download_files:haproxy-1.5.17.tar.gz/include/common/defaults.h
@@ -190,8 +190,12 @@
/* Maximum host name length */
#ifndef MAX_HOSTNAME_LEN
-#define MAX_HOSTNAME_LEN 32
-#endif
+#if MAXHOSTNAMELEN
+#define MAX_HOSTNAME_LEN MAXHOSTNAMELEN
+#else
+#define MAX_HOSTNAME_LEN 64
+#endif // MAXHOSTNAMELEN
+#endif // MAX_HOSTNAME_LEN
/* Maximum health check description length */
#ifndef HCHK_DESC_LEN
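Review bot: `#if MAXHOSTNAMELEN` only sees the system value when the header that defines it has been included before this file, which the hunk does not show; otherwise the undefined name evaluates to 0 and the fallback of 64 is used. If some translation units include that system header first and others do not, MAX_HOSTNAME_LEN could differ between them, and buffers sized with it would disagree with the code that fills them. Adding `#include <sys/param.h>` at the top of this file, or at least a comment naming it as a prerequisite, would make the value deterministic.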
_service:download_files:haproxy-1.5.17.tar.gz/include/common/mini-clist.h
@@ -144,6 +144,7 @@
* which contains list head <lh>, which is known as element <el> in
* struct pt.
*/
+#undef LIST_PREV
#define LIST_PREV(lh, pt, el) (LIST_ELEM((lh)->p, pt, el))
/*
_service:download_files:haproxy-1.5.17.tar.gz/include/common/standard.h
@@ -768,9 +768,6 @@
extern const char *monthname[];
-/* numeric timezone (that is, the hour and minute offset from UTC) */
-char localtimezone[6];
-
/* date2str_log: write a date in the format :
* sprintf(str, "%02d/%s/%04d:%02d:%02d:%02d.%03d",
* tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
@@ -781,6 +778,13 @@
*/
char *date2str_log(char *dest, struct tm *tm, struct timeval *date, size_t size);
+/* Return the GMT offset for a specific local time.
+ * Both t and tm must represent the same time.
+ * The string returned has the same format as returned by strftime(... "%z", tm).
+ * Offsets are kept in an internal cache for better performances.
+ */
+const char *get_gmt_offset(time_t t, struct tm *tm);
+
/* gmt2str_log: write a date in the format :
* "%02d/%s/%04d:%02d:%02d:%02d +0000" without using snprintf
* return a pointer to the last char written (\0) or
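Review bot: The comment for get_gmt_offset() does not say how long the returned string stays valid or who owns it. Since it mentions an internal cache and the return type is `const char *`, the pointer presumably refers to cache storage (the implementation is not on this page), so callers need to know whether a later call can overwrite it. A line such as `* The returned string belongs to the cache: do not modify or free it, and copy it before the next call.` would settle that, adjusted to what the implementation really guarantees.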
@@ -790,10 +794,11 @@
/* localdate2str_log: write a date in the format :
* "%02d/%s/%04d:%02d:%02d:%02d +0000(local timezone)" without using snprintf
+ * Both t and tm must represent the same time.
* return a pointer to the last char written (\0) or
* NULL if there isn't enough space.
*/
-char *localdate2str_log(char *dst, struct tm *tm, size_t size);
+char *localdate2str_log(char *dst, time_t t, struct tm *tm, size_t size);
/* Dynamically allocates a string of the proper length to hold the formatted
* output. NULL is returned on error. The caller is responsible for freeing the
_service:download_files:haproxy-1.5.17.tar.gz/include/proto/channel.h
@@ -127,32 +127,6 @@
return chn->cons->state == SI_ST_EST;
}
-/* Returns the amount of bytes from the channel that are already scheduled for
- * leaving (buf->o) or that are still part of the input and expected to be sent
- * soon as covered by to_forward. This is useful to know by how much we can
- * shrink the rewrite reserve during forwards. Buffer data are not considered
- * in transit until the channel is connected, so that the reserve remains
- * protected.
- */
-static inline int channel_in_transit(const struct channel *chn)
-{
- int ret;
-
- if (!channel_may_send(chn))
- return 0;
-
- /* below, this is min(i, to_forward) optimized for the fast case */
- if (chn->to_forward >= chn->buf->i ||
- (CHN_INFINITE_FORWARD < MAX_RANGE(typeof(chn->buf->i)) &&
- chn->to_forward == CHN_INFINITE_FORWARD))
- ret = chn->buf->i;
- else
- ret = chn->to_forward;
-
- ret += chn->buf->o;
- return ret;
-}
-
/* Returns non-zero if the buffer input is considered full. This is used to
* decide when to stop reading into a buffer when we want to ensure that we
* leave the reserve untouched after all pending outgoing data are forwarded.
@@ -292,30 +266,53 @@
/*************************************************/
-/* Return the number of reserved bytes in the channel's visible
- * buffer, which ensures that once all pending data are forwarded, the
- * buffer still has global.tune.maxrewrite bytes free. The result is
- * between 0 and global.tune.maxrewrite, which is itself smaller than
- * any chn->size. Special care is taken to avoid any possible integer
- * overflow in the operations.
- */
-static inline int buffer_reserved(const struct channel *chn)
-{
- int reserved;
-
- reserved = global.tune.maxrewrite - channel_in_transit(chn);
- if (reserved < 0)
- reserved = 0;
- return reserved;
-}
-
/* Return the max number of bytes the buffer can contain so that once all the
* pending bytes are forwarded, the buffer still has global.tune.maxrewrite
* bytes free. The result sits between chn->size - maxrewrite and chn->size.
+ * The principle is the following :
+ * - a non-connected buffer cannot touch the reserve
+ * - infinite forward can fill the buffer
+ * - all output bytes are ignored, they're leaving
+ * - all input bytes covered by to_forward are considered in transit and
+ * virtually don't take room
+ * - the reserve may be covered up to the min of (fwd-transit) since these
+ * bytes will be in transit later thus will only take temporary space.
+ *
+ * So the formula is to return this limit is :
+ * size - maxrewrite + min(fwd - min(i, fwd), maxrewrite)
+ * = size - maxrewrite + min( min(fwd - i, 0), maxrewrite)
+ *
+ * The code isn't written the most obvious way because we help the compiler
+ * optimise it as it cannot guess how to factor the result out. The most common
+ * path is jumpless.
*/
static inline int buffer_max_len(const struct channel *chn)
{
- return chn->buf->size - buffer_reserved(chn);
+ int transit;
+ int reserve;
+
+ /* return size - maxrewrite if we can't send */
+ reserve = global.tune.maxrewrite;
+ if (unlikely(!channel_may_send(chn)))
+ goto end;
+
+ /* This apparently tricky check is just a hint to let the compiler
+ * optimize all this code away as long as we don't change the types.
+ */
+ reserve = 0;
+ if (CHN_INFINITE_FORWARD < MAX_RANGE(typeof(chn->buf->i)) &&
+ chn->to_forward == CHN_INFINITE_FORWARD)
+ goto end;
+
+ transit = chn->buf->o + chn->to_forward - chn->buf->i;
+ if (transit < 0)
+ transit = 0;
+
+ reserve = global.tune.maxrewrite - transit;
+ if (reserve < 0)
+ reserve = 0;
+ end:
+ return chn->buf->size - reserve;
}
/* Returns the amount of space available at the input of the buffer, taking the
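Review bot: The formula in the new buffer_max_len() comment does not match the code below it. The comment says output bytes are ignored and gives `min(fwd - min(i, fwd), maxrewrite)`, while the code computes `transit = chn->buf->o + chn->to_forward - chn->buf->i`, which adds `o`; the second line of the formula also writes `min(fwd - i, 0)` where the code clamps with a max against 0. One of the two should be corrected so the next reader can tell which is intended. The sum also mixes `to_forward` with buffer counters whose types are not visible here; if `to_forward` is a wide unsigned value short of CHN_INFINITE_FORWARD, the conversion to `int transit` could go negative and restore the full reserve, so that case deserves an explicit bound or a comment.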
_service:download_files:haproxy-1.5.17.tar.gz/include/proto/stream_interface.h
@@ -331,11 +331,12 @@
/* we're in the process of establishing a connection */
si->state = SI_ST_CON;
}
- else if (!channel_is_empty(si->ob)) {
- /* reuse the existing connection, we'll have to send a
- * request there.
- */
- conn_data_want_send(conn);
+ else {
+ /* reuse the existing connection */
+ if (!channel_is_empty(si->ob)) {
+ /* we'll have to send a request there. */
+ conn_data_want_send(conn);
+ }
/* the connection is established */
si->state = SI_ST_EST;
_service:download_files:haproxy-1.5.17.tar.gz/src/cfgparse.c
@@ -895,7 +895,12 @@
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
- global.uid = atol(args[1]);
+ if (strl2irc(args[1], strlen(args[1]), &global.uid) != 0) {
+ Warning("parsing [%s:%d] : uid: string '%s' is not a number.\n | You might want to use the 'user' parameter to use a system user name.\n", file, linenum, args[1]);
+ err_code |= ERR_WARN;
+ goto out;
+ }
+
}
else if (!strcmp(args[0], "gid")) {
if (global.gid != 0) {
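Review bot: A non-numeric `uid` now only raises ERR_WARN, so the configuration is presumably still accepted with `global.uid` left unset; judging by the `global.gid != 0` test in the next branch, 0 means "not configured", and the process would then keep the identity it was started with instead of dropping privileges. For a setting whose purpose is privilege reduction, an unparsable value is safer treated as a configuration error: `Alert(...)` with `err_code |= ERR_ALERT | ERR_FATAL;`. The same applies to the `gid` branch in the following hunk. Whether strl2irc() leaves `global.uid` untouched on failure is not visible here and is worth confirming; the enclosing function starts and ends outside the hunk.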
@@ -908,7 +913,11 @@
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
- global.gid = atol(args[1]);
+ if (strl2irc(args[1], strlen(args[1]), &global.gid) != 0) {
+ Warning("parsing [%s:%d] : gid: string '%s' is not a number.\n | You might want to use the 'group' parameter to use a system group name.\n", file, linenum, args[1]);
+ err_code |= ERR_WARN;
+ goto out;
+ }
}
/* user/group name handling */
else if (!strcmp(args[0], "user")) {
@@ -3213,6 +3222,12 @@
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
}
+ if (val > INT_MAX) {
+ Alert("parsing [%s:%d] : Expire value [%u]ms exceeds maxmimum value of 24.85 days.\n",
+ file, linenum, val);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
curproxy->table.expire = val;
myidx++;
}
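Review bot: The new alert text misspells "maximum" as `maxmimum`, which makes the message harder to find when an operator searches logs or documentation for it; the string should read `exceeds maximum value of 24.85 days`. `INT_MAX` also needs `<limits.h>` in scope, which this hunk does not show and is worth checking.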
@@ -7131,7 +7146,7 @@
list_for_each_entry(bind_conf, &global.stats_fe->conf.bind, by_fe) {
unsigned long mask;
- mask = bind_conf->bind_proc ? bind_conf->bind_proc : nbits(global.nbproc);
+ mask = bind_conf->bind_proc ? bind_conf->bind_proc : 0;
global.stats_fe->bind_proc |= mask;
}
if (!global.stats_fe->bind_proc)
_service:download_files:haproxy-1.5.17.tar.gz/src/channel.c
@@ -87,7 +87,7 @@
if (len == 0)
return -1;
- if (len > chn->buf->size) {
+ if (len < 0 || len > chn->buf->size) {
/* we can't write this chunk and will never be able to, because
* it is larger than the buffer. This must be reported as an
* error. Then we return -2 so that writers that don't care can
@@ -157,6 +157,9 @@
if (unlikely(channel_input_closed(chn)))
return -2;
+ if (len < 0)
+ return -3;
+
max = buffer_max_len(chn);
if (unlikely(len > max - buffer_len(chn->buf))) {
/* we can't write this chunk right now because the buffer is
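Review bot: The new `return -3` for a negative length adds a return value that the visible code does not document. The function's header comment lies outside this hunk, so it may still list only the earlier codes, and callers that test for specific values such as -2 rather than `< 0` would not recognise -3 as an error. Adding a line like `-3 if <len> is negative` to that comment, and checking the callers, would keep the contract explicit.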
_service:download_files:haproxy-1.5.17.tar.gz/src/chunk.c
@@ -100,7 +100,7 @@
va_list argp;
int ret;
- if (!chk->str || !chk->size)
+ if (chk->len < 0 || !chk->str || !chk->size)
return 0;
va_start(argp, fmt);
@@ -125,6 +125,9 @@
int olen, free;
char c;
+ if (dst->len < 0)
+ return dst->len;
+
olen = dst->len;
for (i = 0; i < src->len; i++) {
@@ -166,6 +169,9 @@
int olen, free;
char c;
+ if (dst->len < 0)
+ return dst->len;
+
olen = dst->len;
for (i = 0; i < src->len; i++) {
_service:download_files:haproxy-1.5.17.tar.gz/src/dumpstats.c
@@ -1695,6 +1695,12 @@
if (strcmp(args[3], "global") == 0) {
int v;
+ if (s->listener->bind_conf->level < ACCESS_LVL_ADMIN) {
+ appctx->ctx.cli.msg = stats_permission_denied_msg;
+ appctx->st0 = STAT_CLI_PRINT;
+ return 1;
+ }
+
if (!*args[4]) {
appctx->ctx.cli.msg = "Expects a maximum input byte rate in kB/s.\n";
appctx->st0 = STAT_CLI_PRINT;
@@ -4772,6 +4778,7 @@
"Content-Type: text/plain\r\n"
"Connection: close\r\n"
"Location: %s;st=%s%s%s%s\r\n"
+ "Content-length: 0\r\n"
"\r\n",
uri->uri_prefix,
((appctx->ctx.stats.st_code > STAT_STATUS_INIT) &&
@@ -5190,7 +5197,7 @@
obj_base_ptr(conn->target));
chunk_appendf(&trash,
- " flags=0x%08x fd=%d fd_spec_e=%02x fd_spec_p=%d updt=%d\n",
+ " flags=0x%08x fd=%d fd.state=%02x fd.cache=%d updt=%d\n",
conn->flags,
conn->t.sock.fd,
conn->t.sock.fd >= 0 ? fdtab[conn->t.sock.fd].state : 0,
@@ -5358,7 +5365,7 @@
/* execute pattern matching */
sample.type = SMP_T_STR;
- sample.flags |= SMP_F_CONST;
+ sample.flags = SMP_F_CONST;
sample.data.str.len = appctx->ctx.map.chunk.len;
sample.data.str.str = appctx->ctx.map.chunk.str;
if (appctx->ctx.map.expr->pat_head->match &&
_service:download_files:haproxy-1.5.17.tar.gz/src/haproxy-systemd-wrapper.c
@@ -123,18 +123,22 @@
static void signal_handler(int signum)
{
- caught_signal = signum;
+ if (caught_signal != SIGINT && caught_signal != SIGTERM)
+ caught_signal = signum;
}
-static void do_restart(void)
+/* handles SIGUSR2 and SIGHUP only */
+static void do_restart(int sig)
{
setenv(REEXEC_FLAG, "1", 1);
- fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: re-executing\n");
+ fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: re-executing on %s.\n",
+ sig == SIGUSR2 ? "SIGUSR2" : "SIGHUP");
execv(wrapper_argv[0], wrapper_argv);
}
-static void do_shutdown(void)
+/* handles SIGTERM and SIGINT only */
+static void do_shutdown(int sig)
{
int i, pid;
char **pid_strv = NULL;
@@ -142,8 +146,9 @@
for (i = 0; i < nb_pid; ++i) {
pid = atoi(pid_strv[i]);
if (pid > 0) {
- fprintf(stderr, SD_DEBUG "haproxy-systemd-wrapper: SIGINT -> %d\n", pid);
- kill(pid, SIGINT);
+ fprintf(stderr, SD_DEBUG "haproxy-systemd-wrapper: %s -> %d.\n",
+ sig == SIGTERM ? "SIGTERM" : "SIGINT", pid);
+ kill(pid, sig);
free(pid_strv[i]);
}
}
@@ -197,14 +202,16 @@
}
status = -1;
- while (-1 != wait(&status) || errno == EINTR) {
+ while (caught_signal || wait(&status) != -1 || errno == EINTR) {
+ int sig = caught_signal;
+
if (caught_signal == SIGUSR2 || caught_signal == SIGHUP) {
caught_signal = 0;
- do_restart();
+ do_restart(sig);
}
else if (caught_signal == SIGINT || caught_signal == SIGTERM) {
caught_signal = 0;
- do_shutdown();
+ do_shutdown(sig);
}
}
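Review bot: The loop copies `caught_signal` into `sig` but then branches on `caught_signal` again, so a signal delivered between the copy and the tests can select one branch while `sig` still holds the older value. In that window do_shutdown() could be called with SIGHUP or SIGUSR2, forward it with kill() and log it as "SIGINT". Testing the local copy instead, `if (sig == SIGUSR2 || sig == SIGHUP)` and `else if (sig == SIGINT || sig == SIGTERM)`, makes the decision and the argument agree. The declaration of `caught_signal` is outside the page; it needs to be `volatile sig_atomic_t` for the handler and this loop to share it safely.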
_service:download_files:haproxy-1.5.17.tar.gz/src/haproxy.c
@@ -1,6 +1,6 @@
/*
* HA-Proxy : High Availability-enabled HTTP/TCP proxy
- * Copyright 2000-2014 Willy Tarreau <w@1wt.eu>.
+ * Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -25,6 +25,7 @@
*
*/
+#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@@ -47,9 +48,7 @@
#include <syslog.h>
#include <grp.h>
#ifdef USE_CPU_AFFINITY
-#define __USE_GNU
#include <sched.h>
-#undef __USE_GNU
#endif
#ifdef DEBUG_FULL
@@ -216,7 +215,7 @@
void display_version()
{
printf("HA-Proxy version " HAPROXY_VERSION " " HAPROXY_DATE"\n");
- printf("Copyright 2000-2015 Willy Tarreau <willy@haproxy.org>\n\n");
+ printf("Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>\n\n");
}
void display_build_opts()
@@ -503,7 +502,6 @@
struct wordlist *wl;
char *progname;
char *change_dir = NULL;
- struct tm curtime;
chunk_init(&trash, malloc(global.tune.bufsize), global.tune.bufsize);
alloc_trash_buffers(global.tune.bufsize);
@@ -528,15 +526,12 @@
global.rlimit_memmax = HAPROXY_MEMMAX;
#endif
+ tzset();
tv_update_date(-1,-1);
start_date = now;
srandom(now_ms - getpid());
- /* Get the numeric timezone. */
- get_localtime(start_date.tv_sec, &curtime);
- strftime(localtimezone, 6, "%z", &curtime);
-
signal_init();
if (init_acl() != 0)
exit(1);
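Review bot: The added `tzset()` call has no comment explaining why it must run at this point in initialisation. The changelog entry on this page ties the change to strftime() clobbering the timezone when chrooted, so the call presumably loads the timezone data while the zoneinfo files are still reachable; without a note, a later cleanup could move or drop it. Something like `/* load timezone data now; it may be unreachable after chroot() */` above the call would record that. The enclosing function starts and ends outside this hunk.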
_service:download_files:haproxy-1.5.17.tar.gz/src/listener.c
@@ -647,6 +647,7 @@
{
struct eb32_node *node;
struct listener *l, *new;
+ char *error;
if (conf->listeners.n != conf->listeners.p) {
memprintf(err, "'%s' can only be used with a single socket", args[cur_arg]);
@@ -659,7 +660,11 @@
}
new = LIST_NEXT(&conf->listeners, struct listener *, by_bind);
- new->luid = atol(args[cur_arg + 1]);
+ new->luid = strtol(args[cur_arg + 1], &error, 10);
+ if (*error != '\0') {
+ memprintf(err, "'%s' : expects an integer argument, found '%s'", args[cur_arg], args[cur_arg + 1]);
+ return ERR_ALERT | ERR_FATAL;
+ }
new->conf.id.key = new->luid;
if (new->luid <= 0) {
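Review bot: The `strtol()` result is stored straight into `new->luid` and only the trailing character is checked, so an out-of-range value is never rejected. `errno` is not tested for `ERANGE`, and if `luid` is narrower than `long` (its type is not visible here) a large number is truncated silently and may still pass the `new->luid <= 0` test that follows. Parse into a local `long` and bound it before assigning, e.g. `val = strtol(args[cur_arg + 1], &error, 10);` followed by `if (*error != '\0' || val <= 0 || val > INT_MAX)`. An empty argument also passes the `*error` test and is caught only because 0 fails the later range check. The function body continues outside the hunk.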
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/log.c
@@ -1117,7 +1117,7 @@
case LOG_FMT_DATELOCAL: // %Tl
get_localtime(s->logs.accept_date.tv_sec, &tm);
- ret = localdate2str_log(tmplog, &tm, dst + maxsize - tmplog);
+ ret = localdate2str_log(tmplog, s->logs.accept_date.tv_sec, &tm, dst + maxsize - tmplog);
if (ret == NULL)
goto out;
tmplog = ret;
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/map.c
@@ -149,6 +149,7 @@
default:
memprintf(err, "map: internal haproxy error: no default parse case for the input type <%d>.",
conv->out_type);
+ free(desc);
return 0;
}
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/pattern.c
@@ -887,6 +887,9 @@
}
else
continue;
+ } else {
+ /* impossible */
+ continue;
}
/* Check if the input sample match the current pattern. */
@@ -1901,6 +1904,7 @@
/* Get a lot of memory for the expr struct. */
expr = malloc(sizeof(*expr));
if (!expr) {
+ free(list);
memprintf(err, "out of memory");
return NULL;
}
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/payload.c
@@ -148,21 +148,24 @@
data = (const unsigned char *)s->req->buf->p;
if ((*data >= 0x14 && *data <= 0x17) || (*data == 0xFF)) {
/* SSLv3 header format */
- if (bleft < 5)
+ if (bleft < 11)
goto too_short;
- version = (data[1] << 16) + data[2]; /* version: major, minor */
+ version = (data[1] << 16) + data[2]; /* record layer version: major, minor */
msg_len = (data[3] << 8) + data[4]; /* record length */
/* format introduced with SSLv3 */
if (version < 0x00030000)
goto not_ssl;
- /* message length between 1 and 2^14 + 2048 */
- if (msg_len < 1 || msg_len > ((1<<14) + 2048))
+ /* message length between 6 and 2^14 + 2048 */
+ if (msg_len < 6 || msg_len > ((1<<14) + 2048))
goto not_ssl;
bleft -= 5; data += 5;
+
+ /* return the client hello client version, not the record layer version */
+ version = (data[4] << 16) + data[5]; /* client hello version: major, minor */
} else {
/* SSLv2 header format, only supported for hello (msg type 1) */
int rlen, plen, cilen, silen, chlen;
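Review bot: The new `version = (data[4] << 16) + data[5];` reads bytes 9 and 10 of the buffer as the ClientHello version for every record type the outer test accepts (0x14 to 0x17 and 0xFF), without checking that the record is a handshake record or that the handshake message is a ClientHello. For any other record those two bytes are arbitrary client-supplied payload, so a rule matching on the returned version would be deciding on data that is not a version at all. Unless the other types are accepted on purpose, check before advancing the pointer: `if (data[0] != 0x16 || data[5] != 0x01) goto not_ssl;`. The `bleft < 11` bound does cover the new reads. The function starts and ends outside the hunk.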
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/peers.c
@@ -720,7 +720,7 @@
ts = stktable_store(ps->table->table, newts, 0);
newts = NULL; /* don't reuse it */
- ts->upd.key= (++ps->table->table->update)+(2^31);
+ ts->upd.key= (++ps->table->table->update)+(2147483648U);
eb = eb32_insert(&ps->table->table->updates, &ts->upd);
if (eb != &ts->upd) {
eb32_delete(eb);
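Review bot: The literal `2147483648U` on the `ts->upd.key` line is a bare magic number, and the expression it replaces (`2^31`, which is XOR in C and evaluates to 29) shows how easily the intent is misread. Write it so the meaning is visible, for example `ts->upd.key = (++ps->table->table->update) + (1U << 31);` or `0x80000000U`. A short comment on what the offset is for would also help, since this hunk does not explain it. The enclosing function is outside the hunk.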
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/proto_http.c
@@ -1402,11 +1402,12 @@
h = ctx.line + ctx.val;
p = memchr(h, ' ', ctx.vlen);
- if (!p || p == h)
+ len = p - h;
+ if (!p || len <= 0)
return 0;
- chunk_initlen(&auth_method, h, 0, p-h);
- chunk_initlen(&txn->auth.method_data, p+1, 0, ctx.vlen-(p-h)-1);
+ chunk_initlen(&auth_method, h, 0, len);
+ chunk_initlen(&txn->auth.method_data, p + 1, 0, ctx.vlen - len - 1);
if (!strncasecmp("Basic", auth_method.str, auth_method.len)) {
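Review bot: `len = p - h;` is evaluated before `p` is tested, so when `memchr()` finds no space the code subtracts from a null pointer. That is undefined behaviour in C even though the `!p` test follows immediately, and the bytes scanned here appear to come from a request header. Keep the null test first: `if (!p || p == h) return 0;` followed by `len = p - h;`. The declaration of `len` and the rest of the function are outside the hunk.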
@@ -4151,6 +4152,12 @@
*/
channel_dont_connect(req);
req->analysers = 0; /* remove switching rules etc... */
+
+ /* Allow cookie logging
+ */
+ if (s->be->cookie_name || s->fe->capture_name)
+ manage_client_side_cookies(s, req);
+
req->analysers |= AN_REQ_HTTP_TARPIT;
req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
if (!req->analyse_exp)
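Review bot: The comment `/* Allow cookie logging */` above the new `manage_client_side_cookies(s, req)` call does not say why its condition differs from the forwarding path further down, which also tests `s->be->appsession_name`. The same block is repeated at the `deny:` label in the next hunk. The call now runs cookie parsing on requests already classified as tarpit or deny, so the comment should state that this is wanted only for capture and logging, and whether the function can modify the request, which is not visible here. Something like `/* parse cookies only so captured and persistence cookies show up in the logs of tarpitted requests */` would do. Both labels sit inside a function that starts outside the hunk.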
@@ -4164,6 +4171,12 @@
goto done_without_exp;
deny: /* this request was blocked (denied) */
+
+ /* Allow cookie logging
+ */
+ if (s->be->cookie_name || s->fe->capture_name)
+ manage_client_side_cookies(s, req);
+
txn->flags |= TX_CLDENY;
txn->status = 403;
s->logs.tv_request = now;
@@ -4304,8 +4317,7 @@
* the fields will stay coherent and the URI will not move.
* This should only be performed in the backend.
*/
- if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
- && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
+ if (s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
manage_client_side_cookies(s, req);
/*
@@ -4946,11 +4958,13 @@
s->rep->flags |= CF_EXPECT_MORE;
}
- /* we're removing the analysers, we MUST re-enable events detection */
+ /* we're removing the analysers, we MUST re-enable events detection.
+ * We don't enable close on the response channel since it's either
+ * already closed, or in keep-alive with an idle connection handler.
+ */
channel_auto_read(s->req);
channel_auto_close(s->req);
channel_auto_read(s->rep);
- channel_auto_close(s->rep);
/* we're in keep-alive with an idle connection, monitor it */
si_idle_conn(s->req->cons);
@@ -5001,6 +5015,13 @@
*/
chn->cons->flags |= SI_FL_NOHALF;
+ /* In any case we've finished parsing the request so we must
+ * disable Nagle when sending data because 1) we're not going
+ * to shut this side, and 2) the server is waiting for us to
+ * send pending data.
+ */
+ chn->flags |= CF_NEVER_WAIT;
+
if (txn->rsp.msg_state == HTTP_MSG_ERROR)
goto wait_other_side;
@@ -5015,7 +5036,6 @@
/* if any side switches to tunnel mode, the other one does too */
channel_auto_read(chn);
txn->req.msg_state = HTTP_MSG_TUNNEL;
- chn->flags |= CF_NEVER_WAIT;
goto wait_other_side;
}
@@ -5048,7 +5068,6 @@
if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN) {
channel_auto_read(chn);
txn->req.msg_state = HTTP_MSG_TUNNEL;
- chn->flags |= CF_NEVER_WAIT;
}
}
@@ -5782,8 +5801,6 @@
else if (rep->flags & CF_READ_TIMEOUT) {
if (msg->err_pos >= 0)
http_capture_bad_message(&s->be->invalid_rep, s, msg, msg->msg_state, s->fe);
- else if (txn->flags & TX_NOT_FIRST)
- goto abort_keep_alive;
s->be->be_counters.failed_resp++;
if (objt_server(s->target)) {
@@ -6770,12 +6787,15 @@
if (res->flags & CF_SHUTR) {
if ((s->req->flags & (CF_SHUTR|CF_SHUTW)) == (CF_SHUTR|CF_SHUTW))
goto aborted_xfer;
- if (!(s->flags & SN_ERR_MASK))
- s->flags |= SN_ERR_SRVCL;
- s->be->be_counters.srv_aborts++;
- if (objt_server(s->target))
- objt_server(s->target)->counters.srv_aborts++;
- goto return_bad_res_stats_ok;
+ /* If we have some pending data, we continue the processing */
+ if (!buffer_pending(res->buf)) {
+ if (!(s->flags & SN_ERR_MASK))
+ s->flags |= SN_ERR_SRVCL;
+ s->be->be_counters.srv_aborts++;
+ if (objt_server(s->target))
+ objt_server(s->target)->counters.srv_aborts++;
+ goto return_bad_res_stats_ok;
+ }
}
/* we need to obey the req analyser, so if it leaves, we must too */
@@ -8673,10 +8693,13 @@
}
if (-occ > found)
return 0;
+
/* OK now we have the last occurrence in [hist_ptr-1], and we need to
- * find occurrence -occ, so we have to check [hist_ptr+occ].
+ * find occurrence -occ. 0 <= hist_ptr < MAX_HDR_HISTORY, and we have
+ * -10 <= occ <= -1. So we have to check [hist_ptr%MAX_HDR_HISTORY+occ]
+ * to remain in the 0..9 range.
*/
- hist_ptr += occ;
+ hist_ptr += occ + MAX_HDR_HISTORY;
if (hist_ptr >= MAX_HDR_HISTORY)
hist_ptr -= MAX_HDR_HISTORY;
*vptr = ptr_hist[hist_ptr];
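Review bot: The rewritten comment hard-codes `-10 <= occ <= -1` and `the 0..9 range` while the code is written against `MAX_HDR_HISTORY`, and its `[hist_ptr%MAX_HDR_HISTORY+occ]` does not match the statement below it. The index into `ptr_hist` stays in bounds only if `-occ <= MAX_HDR_HISTORY` holds on entry. The one test visible here, `if (-occ > found)`, bounds it by the number of headers seen, which depends on the request, so the real guard must be earlier in the function, outside this hunk. Express the comment in terms of the macro, e.g. `/* -MAX_HDR_HISTORY <= occ <= -1 (checked above), so hist_ptr + occ + MAX_HDR_HISTORY is non-negative and below 2*MAX_HDR_HISTORY */`.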
@@ -11045,9 +11068,11 @@
}
/*
- * Given a url parameter name, returns its value and size into *value and
- * *value_l respectively, and returns non-zero. If the parameter is not found,
- * zero is returned and value/value_l are not touched.
+ * Given a url parameter name and a query string, find the next value.
+ * An empty url_param_name matches the first available parameter.
+ * If the parameter is found, 1 is returned and *value / *value_l are updated
+ * to respectively provide a pointer to the value and its length.
+ * Otherwise, 0 is returned and value/value_l are not modified.
*/
static int
find_url_param_value(char* path, size_t path_l,
@@ -11077,7 +11102,7 @@
*value = value_start;
*value_l = value_end - value_start;
- return value_end != value_start;
+ return 1;
}
static int
@@ -11238,7 +11263,7 @@
*/
static int sample_conv_http_date(const struct arg *args, struct sample *smp)
{
- const char day[7][4] = { "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" };
+ const char day[7][4] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" };
const char mon[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
struct chunk *temp;
struct tm *tm;
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/proto_uxst.c
@@ -504,7 +504,7 @@
else if (errno == EAGAIN || errno == EADDRINUSE || errno == EADDRNOTAVAIL) {
char *msg;
if (errno == EAGAIN || errno == EADDRNOTAVAIL) {
- msg = "no free ports";
+ msg = "can't connect to destination unix socket, check backlog size on the server";
conn->err_code = CO_ER_FREE_PORTS;
}
else {
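Review bot: The new text `can't connect to destination unix socket, check backlog size on the server` is still paired with `conn->err_code = CO_ER_FREE_PORTS;`, so the message and the error code now describe different failures. Anything that keys on the code rather than the string will keep reporting port exhaustion. If no more fitting code exists, say so on that line: `/* no dedicated code: reused for a refused connect on a unix socket */`. The branch continues outside the hunk.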
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/server.c
@@ -1613,7 +1613,7 @@
if (!newsrv->check.port &&
(is_inet_addr(&newsrv->check_common.addr) ||
(!is_addr(&newsrv->check_common.addr) && is_inet_addr(&newsrv->addr)))) {
- struct tcpcheck_rule *n = NULL, *r = NULL;
+ struct tcpcheck_rule *r = NULL;
struct list *l;
r = (struct tcpcheck_rule *)newsrv->proxy->tcpcheck_rules.n;
@@ -1632,8 +1632,7 @@
else {
/* scan the tcp-check ruleset to ensure a port has been configured */
l = &newsrv->proxy->tcpcheck_rules;
- list_for_each_entry(n, l, list) {
- r = (struct tcpcheck_rule *)n->list.p;
+ list_for_each_entry(r, l, list) {
if ((r->action == TCPCHK_ACT_CONNECT) && (!r->port)) {
Alert("parsing [%s:%d] : server %s has neither service port nor check port, and a tcp_check rule 'connect' with no port information. Check has been disabled.\n",
file, linenum, newsrv->id);
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/session.c
@@ -887,6 +887,7 @@
*/
if (objt_server(s->target) &&
(si->conn_retries == 0 ||
+ (__objt_server(s->target)->state < SRV_ST_RUNNING) ||
(!(s->flags & SN_DIRECT) && s->be->srv_act > 1 &&
((s->be->lbprm.algo & BE_LB_KIND) == BE_LB_KIND_RR))) &&
s->be->options & PR_O_REDISP && !(s->flags & SN_FORCE_PRST)) {
@@ -2213,10 +2214,6 @@
if (unlikely((s->req->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_AUTO_CLOSE|CF_SHUTR)) ==
(CF_AUTO_CLOSE|CF_SHUTR))) {
channel_shutw_now(s->req);
- if (tick_isset(s->fe->timeout.clientfin)) {
- s->rep->wto = s->fe->timeout.clientfin;
- s->rep->wex = tick_add(now_ms, s->rep->wto);
- }
}
/* shutdown(write) pending */
@@ -2241,10 +2238,6 @@
if (s->req->prod->flags & SI_FL_NOHALF)
s->req->prod->flags |= SI_FL_NOLINGER;
si_shutr(s->req->prod);
- if (tick_isset(s->fe->timeout.clientfin)) {
- s->rep->wto = s->fe->timeout.clientfin;
- s->rep->wex = tick_add(now_ms, s->rep->wto);
- }
}
/* it's possible that an upper layer has requested a connection setup or abort.
@@ -2391,10 +2384,6 @@
if (unlikely((s->rep->flags & (CF_SHUTW|CF_SHUTW_NOW|CF_AUTO_CLOSE|CF_SHUTR)) ==
(CF_AUTO_CLOSE|CF_SHUTR))) {
channel_shutw_now(s->rep);
- if (tick_isset(s->be->timeout.serverfin)) {
- s->req->wto = s->be->timeout.serverfin;
- s->req->wex = tick_add(now_ms, s->req->wto);
- }
}
/* shutdown(write) pending */
@@ -2417,10 +2406,6 @@
if (s->rep->prod->flags & SI_FL_NOHALF)
s->rep->prod->flags |= SI_FL_NOLINGER;
si_shutr(s->rep->prod);
- if (tick_isset(s->be->timeout.serverfin)) {
- s->req->wto = s->be->timeout.serverfin;
- s->req->wex = tick_add(now_ms, s->req->wto);
- }
}
if (s->req->prod->state == SI_ST_DIS || s->req->cons->state == SI_ST_DIS)
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/ssl_sock.c
@@ -3988,9 +3988,12 @@
free(conf->npn_str);
- /* the NPN string is built as a suite of (<len> <name>)* */
+ /* the NPN string is built as a suite of (<len> <name>)*,
+ * so we reuse each comma to store the next <len> and need
+ * one more for the end of the string.
+ */
conf->npn_len = strlen(args[cur_arg + 1]) + 1;
- conf->npn_str = calloc(1, conf->npn_len);
+ conf->npn_str = calloc(1, conf->npn_len + 1);
memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
/* replace commas with the name length */
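Review bot: The result of `calloc(1, conf->npn_len + 1)` is passed to `memcpy(conf->npn_str + 1, ...)` without a NULL test, so an allocation failure becomes a write through a near-null pointer during configuration parsing. The ALPN hunk below has the same pattern with `conf->alpn_str`. Add `if (!conf->npn_str)` directly after the allocation and return through the parser's normal error path, which is not visible in this hunk. The size fix itself is right: the copy starts at offset 1 and is `npn_len` bytes long, so `npn_len + 1` bytes are needed. It is also worth confirming that the loop after this hunk rejects a protocol name longer than 255 bytes, since each length is stored in a single byte.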
@@ -4036,9 +4039,12 @@
free(conf->alpn_str);
- /* the ALPN string is built as a suite of (<len> <name>)* */
+ /* the ALPN string is built as a suite of (<len> <name>)*,
+ * so we reuse each comma to store the next <len> and need
+ * one more for the end of the string.
+ */
conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
- conf->alpn_str = calloc(1, conf->alpn_len);
+ conf->alpn_str = calloc(1, conf->alpn_len + 1);
memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
/* replace commas with the name length */
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/standard.c
@@ -1704,8 +1704,10 @@
bad_input:
memprintf(err, "an hex digit is expected (found '%c')", p[i-1]);
- if (alloc)
- free(binstr);
+ if (alloc) {
+ free(*binstr);
+ *binstr = NULL;
+ }
return 0;
}
@@ -2202,6 +2204,70 @@
return dst;
}
+/* Base year used to compute leap years */
+#define TM_YEAR_BASE 1900
+
+/* Return the difference in seconds between two times (leap seconds are ignored).
+ * Retrieved from glibc 2.18 source code.
+ */
+static int my_tm_diff(const struct tm *a, const struct tm *b)
+{
+ /* Compute intervening leap days correctly even if year is negative.
+ * Take care to avoid int overflow in leap day calculations,
+ * but it's OK to assume that A and B are close to each other.
+ */
+ int a4 = (a->tm_year >> 2) + (TM_YEAR_BASE >> 2) - ! (a->tm_year & 3);
+ int b4 = (b->tm_year >> 2) + (TM_YEAR_BASE >> 2) - ! (b->tm_year & 3);
+ int a100 = a4 / 25 - (a4 % 25 < 0);
+ int b100 = b4 / 25 - (b4 % 25 < 0);
+ int a400 = a100 >> 2;
+ int b400 = b100 >> 2;
+ int intervening_leap_days = (a4 - b4) - (a100 - b100) + (a400 - b400);
+ int years = a->tm_year - b->tm_year;
+ int days = (365 * years + intervening_leap_days
+ + (a->tm_yday - b->tm_yday));
+ return (60 * (60 * (24 * days + (a->tm_hour - b->tm_hour))
+ + (a->tm_min - b->tm_min))
+ + (a->tm_sec - b->tm_sec));
+}
+
+/* Return the GMT offset for a specific local time.
+ * Both t and tm must represent the same time.
+ * The string returned has the same format as returned by strftime(... "%z", tm).
+ * Offsets are kept in an internal cache for better performances.
+ */
+const char *get_gmt_offset(time_t t, struct tm *tm)
+{
+ /* Cache offsets from GMT (depending on whether DST is active or not) */
+ static char gmt_offsets[2][5+1] = { "", "" };
+
+ char *gmt_offset;
+ struct tm tm_gmt;
+ int diff;
+ int isdst = tm->tm_isdst;
+
+ /* Pretend DST not active if its status is unknown */
+ if (isdst < 0)
+ isdst = 0;
+
+ /* Fetch the offset and initialize it if needed */
+ gmt_offset = gmt_offsets[isdst & 0x01];
+ if (unlikely(!*gmt_offset)) {
+ get_gmtime(t, &tm_gmt);
+ diff = my_tm_diff(tm, &tm_gmt);
+ if (diff < 0) {
+ diff = -diff;
+ *gmt_offset = '-';
+ } else {
+ *gmt_offset = '+';
+ }
+ diff /= 60; /* Convert to minutes */
+ snprintf(gmt_offset+1, 4+1, "%02d%02d", diff/60, diff%60);
+ }
+
+ return gmt_offset;
+}
+
/* gmt2str_log: write a date in the format :
* "%02d/%s/%04d:%02d:%02d:%02d +0000" without using snprintf
* return a pointer to the last char written (\0) or
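Review bot: `get_gmt_offset()` fills `gmt_offsets[isdst & 0x01]` once and never recomputes it, so the offset written into every later log line is whatever was derived from the first timestamp seen in that DST state. The header comment mentions a cache but not that it is permanent. That matters to anyone correlating these logs with other sources, for instance if a zone's rules change while the process runs, or if `tm_isdst` is negative and is treated as standard time. State it in the comment, e.g. `* The offset is computed once per DST state and kept for the life of the process.`, and note that the returned pointer refers to static storage the caller must not modify or free.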
@@ -2237,14 +2303,18 @@
/* localdate2str_log: write a date in the format :
* "%02d/%s/%04d:%02d:%02d:%02d +0000(local timezone)" without using snprintf
- * * return a pointer to the last char written (\0) or
- * * NULL if there isn't enough space.
+ * Both t and tm must represent the same time.
+ * return a pointer to the last char written (\0) or
+ * NULL if there isn't enough space.
*/
-char *localdate2str_log(char *dst, struct tm *tm, size_t size)
+char *localdate2str_log(char *dst, time_t t, struct tm *tm, size_t size)
{
+ const char *gmt_offset;
if (size < 27) /* the size is fixed: 26 chars + \0 */
return NULL;
+ gmt_offset = get_gmt_offset(t, tm);
+
dst = utoa_pad((unsigned int)tm->tm_mday, dst, 3); // day
*dst++ = '/';
memcpy(dst, monthname[tm->tm_mon], 3); // month
@@ -2258,7 +2328,7 @@
*dst++ = ':';
dst = utoa_pad((unsigned int)tm->tm_sec, dst, 3); // secondes
*dst++ = ' ';
- memcpy(dst, localtimezone, 5); // timezone
+ memcpy(dst, gmt_offset, 5); // Offset from local time to GMT
dst += 5;
*dst = '\0';
Changed |
_service:download_files:haproxy-1.5.17.tar.gz/src/stick_table.c
@@ -385,6 +385,7 @@
if (t->size) {
memset(&t->keys, 0, sizeof(t->keys));
memset(&t->exps, 0, sizeof(t->exps));
+ t->updates = EB_ROOT_UNIQUE;
t->pool = create_pool("sticktables", sizeof(struct stksess) + t->data_size + t->key_size, MEM_F_SHARED);