From 20e99fa409d9e45f500c4a0260d67336a52cfbc7 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Fri, 26 May 2017 14:25:06 -0400 Subject: [PATCH] Update sniff parser to fix index out of bound error --- Godeps/Godeps.json | 2 +- controllers/nginx/pkg/cmd/controller/nginx.go | 70 +++++++++---------- controllers/nginx/pkg/cmd/controller/tcp.go | 4 ++ .../github.com/paultag/sniff/parser/parser.go | 2 +- 4 files changed, 41 insertions(+), 37 deletions(-) diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json index 8f00b37e0..d12fd9936 100644 --- a/Godeps/Godeps.json +++ b/Godeps/Godeps.json @@ -191,7 +191,7 @@ }, { "ImportPath": "github.com/paultag/sniff/parser", - "Rev": "c36b8585a41425573d9e3e1890bf3b6ac89a3828" + "Rev": "558797aed1e6daa735d8fada0b863b89d72dcfba" }, { "ImportPath": "github.com/pborman/uuid", diff --git a/controllers/nginx/pkg/cmd/controller/nginx.go b/controllers/nginx/pkg/cmd/controller/nginx.go index fc1d7bb4e..133bc9a55 100644 --- a/controllers/nginx/pkg/cmd/controller/nginx.go +++ b/controllers/nginx/pkg/cmd/controller/nginx.go @@ -417,6 +417,41 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er cfg := ngx_template.ReadConfig(n.configmap.Data) cfg.Resolver = n.resolver + servers := []*server{} + for _, pb := range ingressCfg.PassthroughBackends { + svc := pb.Service + if svc == nil { + glog.Warningf("missing service for PassthroughBackends %v", pb.Backend) + continue + } + port, err := strconv.Atoi(pb.Port.String()) + if err != nil { + for _, sp := range svc.Spec.Ports { + if sp.Name == pb.Port.String() { + port = int(sp.Port) + break + } + } + } else { + for _, sp := range svc.Spec.Ports { + if sp.Port == int32(port) { + port = int(sp.Port) + break + } + } + } + + //TODO: Allow PassthroughBackends to specify they support proxy-protocol + servers = append(servers, &server{ + Hostname: pb.Hostname, + IP: svc.Spec.ClusterIP, + Port: port, + ProxyProtocol: false, + }) + } + + n.proxy.ServerList = servers + // we need to check if the status module configuration changed if cfg.EnableVtsStatus { n.setupMonitor(vtsStatusModule) @@ -513,41 +548,6 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er return nil, err } - servers := []*server{} - for _, pb := range ingressCfg.PassthroughBackends { - svc := pb.Service - if svc == nil { - glog.Warningf("missing service for PassthroughBackends %v", pb.Backend) - continue - } - port, err := strconv.Atoi(pb.Port.String()) - if err != nil { - for _, sp := range svc.Spec.Ports { - if sp.Name == pb.Port.String() { - port = int(sp.Port) - break - } - } - } else { - for _, sp := range svc.Spec.Ports { - if sp.Port == int32(port) { - port = int(sp.Port) - break - } - } - } - - //TODO: Allow PassthroughBackends to specify they support proxy-protocol - servers = append(servers, &server{ - Hostname: pb.Hostname, - IP: svc.Spec.ClusterIP, - Port: port, - ProxyProtocol: false, - }) - } - - n.proxy.ServerList = servers - return content, nil } diff --git a/controllers/nginx/pkg/cmd/controller/tcp.go b/controllers/nginx/pkg/cmd/controller/tcp.go index e78192b38..ba6a8b543 100644 --- a/controllers/nginx/pkg/cmd/controller/tcp.go +++ b/controllers/nginx/pkg/cmd/controller/tcp.go @@ -22,6 +22,10 @@ type proxy struct { } func (p *proxy) Get(host string) *server { + if p.ServerList == nil { + return p.Default + } + for _, s := range p.ServerList { if s.Hostname == host { return s diff --git a/vendor/github.com/paultag/sniff/parser/parser.go b/vendor/github.com/paultag/sniff/parser/parser.go index 535e3a5de..0adbe4c08 100644 --- a/vendor/github.com/paultag/sniff/parser/parser.go +++ b/vendor/github.com/paultag/sniff/parser/parser.go @@ -85,7 +85,7 @@ func GetSNBlock(data []byte) ([]byte, error) { data = data[2 : extensionLength+2] for { - if index >= len(data) { + if index+4 >= len(data) { break } length := int((data[index+2] << 8) + data[index+3])