Merge pull request #777 from aledbf/fix-ssl-proxy

Update sniff parser to fix index out of bound error
2017-05-26 11:59:33 -07:00 · 2017-05-26 11:59:33 -07:00 · cc1a560585
commit cc1a560585
parent e4c4b22c73 20e99fa409
4 changed files with 41 additions and 37 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -191,7 +191,7 @@
 		},
 		{
 			"ImportPath": "github.com/paultag/sniff/parser",
-			"Rev": "c36b8585a41425573d9e3e1890bf3b6ac89a3828"
+			"Rev": "558797aed1e6daa735d8fada0b863b89d72dcfba"
 		},
 		{
 			"ImportPath": "github.com/pborman/uuid",
--- a/controllers/nginx/pkg/cmd/controller/nginx.go
+++ b/controllers/nginx/pkg/cmd/controller/nginx.go
@ -417,6 +417,41 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er
 	cfg := ngx_template.ReadConfig(n.configmap.Data)
 	cfg.Resolver = n.resolver

+	servers := []*server{}
+	for _, pb := range ingressCfg.PassthroughBackends {
+		svc := pb.Service
+		if svc == nil {
+			glog.Warningf("missing service for PassthroughBackends %v", pb.Backend)
+			continue
+		}
+		port, err := strconv.Atoi(pb.Port.String())
+		if err != nil {
+			for _, sp := range svc.Spec.Ports {
+				if sp.Name == pb.Port.String() {
+					port = int(sp.Port)
+					break
+				}
+			}
+		} else {
+			for _, sp := range svc.Spec.Ports {
+				if sp.Port == int32(port) {
+					port = int(sp.Port)
+					break
+				}
+			}
+		}
+
+		//TODO: Allow PassthroughBackends to specify they support proxy-protocol
+		servers = append(servers, &server{
+			Hostname:      pb.Hostname,
+			IP:            svc.Spec.ClusterIP,
+			Port:          port,
+			ProxyProtocol: false,
+		})
+	}
+
+	n.proxy.ServerList = servers
+
 	// we need to check if the status module configuration changed
 	if cfg.EnableVtsStatus {
 		n.setupMonitor(vtsStatusModule)
@ -513,41 +548,6 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) ([]byte, er
 		return nil, err
 	}

-	servers := []*server{}
-	for _, pb := range ingressCfg.PassthroughBackends {
-		svc := pb.Service
-		if svc == nil {
-			glog.Warningf("missing service for PassthroughBackends %v", pb.Backend)
-			continue
-		}
-		port, err := strconv.Atoi(pb.Port.String())
-		if err != nil {
-			for _, sp := range svc.Spec.Ports {
-				if sp.Name == pb.Port.String() {
-					port = int(sp.Port)
-					break
-				}
-			}
-		} else {
-			for _, sp := range svc.Spec.Ports {
-				if sp.Port == int32(port) {
-					port = int(sp.Port)
-					break
-				}
-			}
-		}
-
-		//TODO: Allow PassthroughBackends to specify they support proxy-protocol
-		servers = append(servers, &server{
-			Hostname:      pb.Hostname,
-			IP:            svc.Spec.ClusterIP,
-			Port:          port,
-			ProxyProtocol: false,
-		})
-	}
-
-	n.proxy.ServerList = servers
-
 	return content, nil
 }

--- a/controllers/nginx/pkg/cmd/controller/tcp.go
+++ b/controllers/nginx/pkg/cmd/controller/tcp.go
@ -22,6 +22,10 @@ type proxy struct {
 }

 func (p *proxy) Get(host string) *server {
+	if p.ServerList == nil {
+		return p.Default
+	}
+
 	for _, s := range p.ServerList {
 		if s.Hostname == host {
 			return s
--- a/vendor/github.com/paultag/sniff/parser/parser.go
+++ b/vendor/github.com/paultag/sniff/parser/parser.go
@ -85,7 +85,7 @@ func GetSNBlock(data []byte) ([]byte, error) {
 	data = data[2 : extensionLength+2]

 	for {
-		if index >= len(data) {
+		if index+4 >= len(data) {
 			break
 		}
 		length := int((data[index+2] << 8) + data[index+3])