修正PANGU白名单业务action编号反转为负引起的白名单优先级倒置的问题
* 原实现在将action(char类型)转换为enum时,没有先转换为unsigned char,导致action=0x80时反转为负值,现修正。
@@ -417,17 +417,20 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
|
||||
|
||||
for (i = 0; i < n_hit; i++)
|
||||
{
|
||||
if ((enum pangu_action) hit_rules[i].action == PG_ACTION_MONIT)
|
||||
unsigned char __expand_action = (unsigned char) hit_rules[i].action;
|
||||
enum pangu_action __action = (enum pangu_action) __expand_action;
|
||||
|
||||
if (__action == PG_ACTION_MONIT)
|
||||
{
|
||||
memcpy(monit_rule + n_monit, hit_rules + i, sizeof(struct Maat_rule_t));
|
||||
n_monit++;
|
||||
}
|
||||
if (action_cmp((enum pangu_action) hit_rules[i].action, prior_action)>0)
|
||||
if (action_cmp(__action, prior_action) > 0)
|
||||
{
|
||||
prior_rule = hit_rules + i;
|
||||
prior_action = (enum pangu_action) hit_rules[i].action;
|
||||
prior_action = __action;
|
||||
}
|
||||
else if (action_cmp((enum pangu_action) hit_rules[i].action, prior_action) == 0)
|
||||
else if (action_cmp(__action, prior_action) == 0)
|
||||
{
|
||||
if (hit_rules[i].config_id > prior_rule->config_id)
|
||||
{
|
||||
@@ -456,7 +459,6 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
|
||||
}
|
||||
|
||||
*enforce_rules = (struct Maat_rule_t *) realloc(*enforce_rules, sizeof(struct Maat_rule_t) * (*n_enforce));
|
||||
|
||||
if (prior_action == PG_ACTION_MONIT)
|
||||
{
|
||||
memcpy(*enforce_rules + exist_enforce_num, monit_rule, n_monit * sizeof(struct Maat_rule_t));
|
||||
@@ -847,6 +849,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ((events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_RESP_BODY_BEGIN))
|
||||
{
|
||||
assert(ctx->sp == NULL);
|
||||
@@ -854,6 +857,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
|
||||
->scan_table_id[PXY_CTRL_HTTP_RES_BODY];
|
||||
ctx->sp = Maat_stream_scan_string_start(g_pangu_rt->maat, table_id, ctx->thread_id);
|
||||
}
|
||||
|
||||
if (body_frag != NULL)
|
||||
{
|
||||
scan_ret = Maat_stream_scan_string(&(ctx->sp), CHARSET_UTF8, (const char *) body_frag, (int) frag_size,
|
||||
@@ -863,6 +867,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
|
||||
hit_cnt += scan_ret;
|
||||
}
|
||||
}
|
||||
|
||||
if ((events & EV_HTTP_REQ_BODY_END) | (events & EV_HTTP_RESP_BODY_END))
|
||||
{
|
||||
Maat_stream_scan_string_end(&(ctx->sp));
|
||||
@@ -872,6 +877,8 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
|
||||
if (hit_cnt > 0)
|
||||
{
|
||||
ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce);
|
||||
if (ctx->action == PG_ACTION_WHITELIST) goto __out;
|
||||
|
||||
size_t __serv_def_len = (size_t)ctx->enforce_rules[0].serv_def_len;
|
||||
ctx->enforce_para = ALLOC(char, __serv_def_len);
|
||||
|
||||
@@ -895,11 +902,14 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
|
||||
}
|
||||
|
||||
*p = '\0';
|
||||
|
||||
TFE_LOG_INFO(g_pangu_rt->local_logger, "Multiple rules matched: url=%s num=%lu ids=%s execute=%d.",
|
||||
session->req->req_spec.url, hit_cnt, buff, ctx->enforce_rules[0].config_id);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
__out:
|
||||
return ctx->action;
|
||||
}
|
||||
void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_http_session * session,
|
||||
|
||||
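Review bot: In decide_ctrl_action, `*enforce_rules = (struct Maat_rule_t *) realloc(*enforce_rules, sizeof(struct Maat_rule_t) * (*n_enforce));` stores the result straight into the caller's pointer, and the `memcpy(*enforce_rules + exist_enforce_num, ...)` in the `PG_ACTION_MONIT` branch right after it uses that pointer with no NULL check visible in the hunk. If the allocation fails, the old rule buffer is leaked and the copy targets an address computed from NULL, so memory pressure can crash the policy path. Assign to a temporary first, e.g. `struct Maat_rule_t *grown = realloc(*enforce_rules, sizeof(struct Maat_rule_t) * (*n_enforce));`, test `if (grown == NULL)` and apply the module's failure policy, then `*enforce_rules = grown;`. The function starts and ends outside the displayed hunks and the page has lost its +/- markers, so this reads the lines as new-side code. Separately, the `(unsigned char)` step is applied inline in this one loop only; any other site that casts `hit_rules[i].action` directly to `enum pangu_action` would still sign-extend, which a small static helper taking the rule pointer would centralise.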