Inicio Explorar Axuda
Iniciar sesión
kennyh
/
emqx4.3
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

fix: listener crash if access_rules config option is incorrect

Previously when changing the access_rules configuration option of a
listener to something that was not a valid rule, the listener would
crash. This has now been fixed by the addition of a configuration
validator that checks the access_rules field.

Additionally, a configuration option converter has been added to the
access_rules field so that one can specify several rules in a single
string by using "," (comma) as separator.

Fixes:
https://emqx.atlassian.net/browse/EMQX-12315
Kjell Winblad hai 1 ano
pai
4403b4f5ce
achega
0aeb2cd77f
Modificáronse 1 ficheiros con 45 adicións e 1 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 45 1
      apps/emqx/src/emqx_schema.erl

+ 45 - 1
apps/emqx/src/emqx_schema.erl
Ver ficheiro 

@@ -1781,7 +1781,9 @@ mqtt_listener(Bind) ->
 
                     hoconsc:array(string()),
 
                     #{
 
                         desc => ?DESC(mqtt_listener_access_rules),
 
-                        default => [<<"allow all">>]
 
+                        default => [<<"allow all">>],
 
+                        converter => fun access_rules_converter/1,
 
+                        validator => fun access_rules_validator/1
 
                     }
 
                 )},
 
             {"proxy_protocol",
 
@@ -1802,6 +1804,48 @@ mqtt_listener(Bind) ->
 
                 )}
 
         ] ++ emqx_schema_hooks:injection_point('mqtt.listener').
 
 
+access_rules_converter(AccessRules) ->
 
+    DeepRules =
 
+        lists:foldr(
 
+            fun(Rule, Acc) ->
 
+                Rules = re:split(Rule, <<"\\s*,\\s*">>, [{return, binary}]),
 
+                [Rules | Acc]
 
+            end,
 
+            [],
 
+            AccessRules
 
+        ),
 
+    [unicode:characters_to_list(RuleBin) || RuleBin <- lists:flatten(DeepRules)].
 
+
 
+access_rules_validator(AccessRules) ->
 
+    InvalidRules = [Rule || Rule <- AccessRules, is_invalid_rule(Rule)],
 
+    case InvalidRules of
 
+        [] ->
 
+            ok;
 
+        _ ->
 
+            MsgStr = io_lib:format("invalid_rule(s): ~ts", [string:join(InvalidRules, ", ")]),
 
+            MsgBin = unicode:characters_to_binary(MsgStr),
 
+            {error, MsgBin}
 
+    end.
 
+
 
+is_invalid_rule(S) ->
 
+    try
 
+        [Action, CIDR] = string:tokens(S, " "),
 
+        case Action of
 
+            "allow" -> ok;
 
+            "deny" -> ok
 
+        end,
 
+        case CIDR of
 
+            "all" ->
 
+                ok;
 
+            _ ->
 
+                %% should not crash
 
+                _ = esockd_cidr:parse(CIDR, true)
 
+        end,
 
+        false
 
+    catch
 
+        _:_ -> true
 
+    end.
 
+
 
 base_listener(Bind) ->
 
     [
 
         {"enable",