This makes the code cleaner, because proxy_authority can be handled like proxy_unique_id. --- include/haproxy/connection-t.h | 5 ++--- include/haproxy/connection.h | 6 +++--- src/connection.c | 28 +++++++++++++++++----------- 3 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/include/haproxy/connection-t.h b/include/haproxy/connection-t.h index 0bcceacff..0c4a6649c 100644 --- a/include/haproxy/connection-t.h +++ b/include/haproxy/connection-t.h @@ -533,9 +533,8 @@ struct connection { void (*destroy_cb)(struct connection *conn); /* callback to notify of imminent death of the connection */ struct sockaddr_storage *src; /* source address (pool), when known, otherwise NULL */ struct sockaddr_storage *dst; /* destination address (pool), when known, otherwise NULL */ - char *proxy_authority; /* Value of authority TLV received via PROXYv2 */ - uint8_t proxy_authority_len; /* Length of authority TLV received via PROXYv2 */ - struct ist proxy_unique_id; /* Value of the unique ID TLV received via PROXYv2 */ + struct ist proxy_authority; /* Value of the authority TLV received via PROXYv2 */ + struct ist proxy_unique_id; /* Value of the unique ID TLV received via PROXYv2 */ struct quic_conn *qc; /* Only present if this connection is a QUIC one */ /* used to identify a backend connection for http-reuse, diff --git a/include/haproxy/connection.h b/include/haproxy/connection.h index 33c1380cc..46a521e01 100644 --- a/include/haproxy/connection.h +++ b/include/haproxy/connection.h @@ -355,7 +355,7 @@ static inline void conn_init(struct connection *conn, void *target) conn->subs = NULL; conn->src = NULL; conn->dst = NULL; - conn->proxy_authority = NULL; + conn->proxy_authority = IST_NULL; conn->proxy_unique_id = IST_NULL; conn->hash_node = NULL; } @@ -553,8 +553,8 @@ static inline void conn_free(struct connection *conn) sockaddr_free(&conn->src); sockaddr_free(&conn->dst); - pool_free(pool_head_authority, conn->proxy_authority); - conn->proxy_authority = NULL; + pool_free(pool_head_authority, istptr(conn->proxy_authority)); + conn->proxy_authority = IST_NULL; pool_free(pool_head_uniqueid, istptr(conn->proxy_unique_id)); conn->proxy_unique_id = IST_NULL; diff --git a/src/connection.c b/src/connection.c index 10bc6712f..716de51f8 100644 --- a/src/connection.c +++ b/src/connection.c @@ -487,13 +487,19 @@ int conn_recv_proxy(struct connection *conn, int flag) } #endif case PP2_TYPE_AUTHORITY: { - if (tlv_len > PP2_AUTHORITY_MAX) + const struct ist tlv = ist2((const char *)tlv_packet->value, tlv_len); + + if (istlen(tlv) > PP2_AUTHORITY_MAX) goto bad_header; - conn->proxy_authority = pool_alloc(pool_head_authority); - if (conn->proxy_authority == NULL) + conn->proxy_authority = ist2(pool_alloc(pool_head_authority), 0); + if (!isttest(conn->proxy_authority)) goto fail; - memcpy(conn->proxy_authority, (const char *)tlv_packet->value, tlv_len); - conn->proxy_authority_len = tlv_len; + if (istcpy(&conn->proxy_authority, tlv, PP2_AUTHORITY_MAX) < 0) { + /* This is technically unreachable, because we verified above + * that the TLV value fits. + */ + goto fail; + } break; } case PP2_TYPE_UNIQUE_ID: { @@ -1188,9 +1194,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec if (srv->pp_opts & SRV_PP_V2_AUTHORITY) { value = NULL; - if (remote && remote->proxy_authority) { - value = remote->proxy_authority; - value_len = remote->proxy_authority_len; + if (remote && isttest(remote->proxy_authority)) { + value = istptr(remote->proxy_authority); + value_len = istlen(remote->proxy_authority); } #ifdef USE_OPENSSL else { @@ -1354,13 +1360,13 @@ int smp_fetch_fc_pp_authority(const struct arg *args, struct sample *smp, const return 0; } - if (conn->proxy_authority == NULL) + if (!isttest(conn->proxy_authority)) return 0; smp->flags = 0; smp->data.type = SMP_T_STR; - smp->data.u.str.area = conn->proxy_authority; - smp->data.u.str.data = conn->proxy_authority_len; + smp->data.u.str.area = istptr(conn->proxy_authority); + smp->data.u.str.data = istlen(conn->proxy_authority); return 1; } -- 2.30.1