MINOR: acl: Warn when an ACL is named 'or'

Consider a configuration like this:

> acl t always_true
> acl or always_false
>
> http-response set-header Foo Bar if t or t

The 'or' within the condition will be treated as a logical disjunction
and the header will be set, despite the ACL 'or' being falsy.

This patch makes it an error to declare such an ACL that will never
work. This patch may be backported to stable releases, turning the
error into a warning only (the code was written in a way to make this
trivial). It should not break anything and might improve the users'
lifes.

(cherry picked from commit 0cf811a5f941261176b67046dbc542d0479ff4a7)
[wt: turned the error into a warning only]
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index b1f5c07..4fc5e9a 100644 (file)
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -805,6 +805,13 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
                        goto out;
                }
 
+               if (strcasecmp(args[1], "or") == 0) {
+                       ha_warning("parsing [%s:%d] : acl name '%s' will never match. 'or' is used to express a "
+                                  "logical disjunction within a condition.\n",
+                                  file, linenum, args[1]);
+                       err_code |= ERR_WARN;
+               }
+
                if (parse_acl((const char **)args + 1, &curproxy->acl, &errmsg, &curproxy->conf.args, file, linenum) == NULL) {
                        ha_alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n",
                                 file, linenum, args[1], errmsg);

diff --git a/src/fcgi-app.c b/src/fcgi-app.c
index 2e01cdb..b6bd6bb 100644 (file)
--- a/src/fcgi-app.c
+++ b/src/fcgi-app.c
@@ -884,11 +884,19 @@ static int cfg_parse_fcgi_app(const char *file, int linenum, char **args, int kw
                        ha_alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n",
                                 file, linenum, *err, args[1]);
                        err_code |= ERR_ALERT | ERR_FATAL;
+                       goto out;
+               }
+               if (strcasecmp(args[1], "or") == 0) {
+                       ha_warning("parsing [%s:%d] : acl name '%s' will never match. 'or' is used to express a "
+                                  "logical disjunction within a condition.\n",
+                                  file, linenum, args[1]);
+                       err_code |= ERR_WARN;
                }
-               else if (parse_acl((const char **)args+1, &curapp->acls, &errmsg, &curapp->conf.args, file, linenum) == NULL) {
+               if (parse_acl((const char **)args+1, &curapp->acls, &errmsg, &curapp->conf.args, file, linenum) == NULL) {
                        ha_alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n",
                                 file, linenum, args[1], errmsg);
                        err_code |= ERR_ALERT | ERR_FATAL;
+                       goto out;
                }
        }
        else if (!strcmp(args[0], "set-param")) {

diff --git a/src/flt_spoe.c b/src/flt_spoe.c
index f23cafe..930ac8d 100644 (file)
--- a/src/flt_spoe.c
+++ b/src/flt_spoe.c
@@ -3991,6 +3991,12 @@ cfg_parse_spoe_message(const char *file, int linenum, char **args, int kwm)
                        err_code |= ERR_ALERT | ERR_FATAL;
                        goto out;
                }
+               if (strcasecmp(args[1], "or") == 0) {
+                       ha_warning("parsing [%s:%d] : acl name '%s' will never match. 'or' is used to express a "
+                                  "logical disjunction within a condition.\n",
+                                  file, linenum, args[1]);
+                       err_code |= ERR_WARN;
+               }
                if (parse_acl((const char **)args + 1, &curmsg->acls, &errmsg, &curproxy->conf.args, file, linenum) == NULL) {
                        ha_alert("parsing [%s:%d] : error detected while parsing ACL '%s' : %s.\n",
                                 file, linenum, args[1], errmsg);