From 93275546cb8bb812b05768f1a1e86f0492b917c4 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 12 Feb 2021 11:14:35 +0100 Subject: [PATCH] BUG/MEDIUM: config: don't pick unset values from last defaults section Since commit 1.3.14 with commit 1fa3126ec ("[MEDIUM] introduce separation between contimeout, and tarpit + queue"), check_config_validity() looks at the last defaults section to update all proxies' queue and tarpit timeouts if they were not set! This was apparently an attempt to properly set them on the fallback values, except that the fallback values were taken from the default proxy before looking at the current proxy itself. The worst part of it is that it might have randomly worked by accident for some configurations when there was a single defaults section, but has certainly caused too short queue expirations once another defaults section was added later in the file with these explicitly defined. Let's remove the defproxy part and keep only the curproxy ones. This could be backported everywhere, the bug has been there for 13 years. (cherry picked from commit 937c3ead34becd6851572a8280831d760f612a09) Signed-off-by: Christopher Faulet (cherry picked from commit 759b7a594d746271addcb214a1ed275b9dcfb128) Signed-off-by: Christopher Faulet (cherry picked from commit 29934fbb22598389a8b5fb0db817545173ed6550) Signed-off-by: Christopher Faulet --- src/cfgparse.c | 31 ++++--------------------------- 1 file changed, 4 insertions(+), 27 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index 054d4f0..a4526b3 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -3064,33 +3064,10 @@ out_uri_auth_compat: * We must still support older configurations, so let's find out whether those * parameters have been set or must be copied from contimeouts. */ - if (curproxy != &defproxy) { - if (!curproxy->timeout.tarpit || - curproxy->timeout.tarpit == defproxy.timeout.tarpit) { - /* tarpit timeout not set. We search in the following order: - * default.tarpit, curr.connect, default.connect. - */ - if (defproxy.timeout.tarpit) - curproxy->timeout.tarpit = defproxy.timeout.tarpit; - else if (curproxy->timeout.connect) - curproxy->timeout.tarpit = curproxy->timeout.connect; - else if (defproxy.timeout.connect) - curproxy->timeout.tarpit = defproxy.timeout.connect; - } - if ((curproxy->cap & PR_CAP_BE) && - (!curproxy->timeout.queue || - curproxy->timeout.queue == defproxy.timeout.queue)) { - /* queue timeout not set. We search in the following order: - * default.queue, curr.connect, default.connect. - */ - if (defproxy.timeout.queue) - curproxy->timeout.queue = defproxy.timeout.queue; - else if (curproxy->timeout.connect) - curproxy->timeout.queue = curproxy->timeout.connect; - else if (defproxy.timeout.connect) - curproxy->timeout.queue = defproxy.timeout.connect; - } - } + if (!curproxy->timeout.tarpit) + curproxy->timeout.tarpit = curproxy->timeout.connect; + if ((curproxy->cap & PR_CAP_BE) && !curproxy->timeout.queue) + curproxy->timeout.queue = curproxy->timeout.connect; if ((curproxy->options2 & PR_O2_CHK_ANY) == PR_O2_SSL3_CHK) { curproxy->check_len = sizeof(sslv3_client_hello_pkt) - 1; -- 1.7.10.4