diff options
author | Francis Lavoie <lavofr@gmail.com> | 2021-04-02 18:47:04 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-02 16:47:04 -0600 |
commit | 1455d6bb690d8c91159a709cc6d1a0dc01ed9153 (patch) | |
tree | f1485ec7cf841bc40506db97d4a83758c79b5ffe | |
parent | 3401f91dbeae80d22c8df9a4a50de521c69c9e00 (diff) |
httpcaddyfile: Fix panic in automation policy consolidation (#4104)
* httpcaddyfile: Add reproduce test
* httpcaddyfile: Don't allow `i` to go below zero
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 3 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt | 155 |
2 files changed, 157 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 45ba9d2..85f9e5a 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -491,13 +491,13 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls } // remove or combine duplicate policies +outer: for i := 0; i < len(aps); i++ { // compare only with next policies; we sorted by specificity so we must not delete earlier policies for j := i + 1; j < len(aps); j++ { // if they're exactly equal in every way, just keep one of them if reflect.DeepEqual(aps[i], aps[j]) { aps = append(aps[:j], aps[j+1:]...) - i-- break } @@ -524,6 +524,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls if automationPolicyShadows(i, aps) >= j { aps = append(aps[:i], aps[i+1:]...) i-- + continue outer } } else { // avoid repeated subjects diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt new file mode 100644 index 0000000..502dbd0 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt @@ -0,0 +1,155 @@ +{ + email my.email@example.com +} + +:82 { + redir https://example.com{uri} +} + +:83 { + redir https://example.com{uri} +} + +:84 { + redir https://example.com{uri} +} + +abc.de { + redir https://example.com{uri} +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "abc.de" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "https://example.com{http.request.uri}" + ] + }, + "status_code": 302 + } + ] + } + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":82" + ], + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "https://example.com{http.request.uri}" + ] + }, + "status_code": 302 + } + ] + } + ] + }, + "srv2": { + "listen": [ + ":83" + ], + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "https://example.com{http.request.uri}" + ] + }, + "status_code": 302 + } + ] + } + ] + }, + "srv3": { + "listen": [ + ":84" + ], + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "https://example.com{http.request.uri}" + ] + }, + "status_code": 302 + } + ] + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "issuers": [ + { + "email": "my.email@example.com", + "module": "acme" + }, + { + "email": "my.email@example.com", + "module": "zerossl" + } + ] + }, + { + "issuers": [ + { + "email": "my.email@example.com", + "module": "acme" + }, + { + "email": "my.email@example.com", + "module": "zerossl" + } + ] + } + ] + } + } + } +}
\ No newline at end of file |