From 759b7a594d746271addcb214a1ed275b9dcfb128 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 12 Feb 2021 11:14:35 +0100 Subject: [PATCH] BUG/MEDIUM: config: don't pick unset values from last defaults section Since commit 1.3.14 with commit 1fa3126ec ("[MEDIUM] introduce separation between contimeout, and tarpit + queue"), check_config_validity() looks at the last defaults section to update all proxies' queue and tarpit timeouts if they were not set! This was apparently an attempt to properly set them on the fallback values, except that the fallback values were taken from the default proxy before looking at the current proxy itself. The worst part of it is that it might have randomly worked by accident for some configurations when there was a single defaults section, but has certainly caused too short queue expirations once another defaults section was added later in the file with these explicitly defined. Let's remove the defproxy part and keep only the curproxy ones. This could be backported everywhere, the bug has been there for 13 years. (cherry picked from commit 937c3ead34becd6851572a8280831d760f612a09) Signed-off-by: Christopher Faulet --- src/cfgparse.c | 31 ++++--------------------------- 1 file changed, 4 insertions(+), 27 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index 5d17b9f..85e36a1 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -2982,33 +2982,10 @@ out_uri_auth_compat: * We must still support older configurations, so let's find out whether those * parameters have been set or must be copied from contimeouts. */ - if (curproxy != &defproxy) { - if (!curproxy->timeout.tarpit || - curproxy->timeout.tarpit == defproxy.timeout.tarpit) { - /* tarpit timeout not set. We search in the following order: - * default.tarpit, curr.connect, default.connect. - */ - if (defproxy.timeout.tarpit) - curproxy->timeout.tarpit = defproxy.timeout.tarpit; - else if (curproxy->timeout.connect) - curproxy->timeout.tarpit = curproxy->timeout.connect; - else if (defproxy.timeout.connect) - curproxy->timeout.tarpit = defproxy.timeout.connect; - } - if ((curproxy->cap & PR_CAP_BE) && - (!curproxy->timeout.queue || - curproxy->timeout.queue == defproxy.timeout.queue)) { - /* queue timeout not set. We search in the following order: - * default.queue, curr.connect, default.connect. - */ - if (defproxy.timeout.queue) - curproxy->timeout.queue = defproxy.timeout.queue; - else if (curproxy->timeout.connect) - curproxy->timeout.queue = curproxy->timeout.connect; - else if (defproxy.timeout.connect) - curproxy->timeout.queue = defproxy.timeout.connect; - } - } + if (!curproxy->timeout.tarpit) + curproxy->timeout.tarpit = curproxy->timeout.connect; + if ((curproxy->cap & PR_CAP_BE) && !curproxy->timeout.queue) + curproxy->timeout.queue = curproxy->timeout.connect; if ((curproxy->tcpcheck_rules.flags & TCPCHK_RULES_UNUSED_TCP_RS)) { ha_warning("config : %s '%s' uses tcp-check rules without 'option tcp-check', so the rules are ignored.\n", -- 1.7.10.4