From 2ccdd93d443b99427e31eb6735b87d3199a03c4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Mon, 4 Sep 2017 19:34:14 +0300
Subject: [PATCH] MXS-1346: Fix rule handling

The call to update_rules is needed before each query to make sure that the
rules are up to date.

The check whether the rule was active was inverted.
---
 .../modules/filter/dbfwfilter/dbfwfilter.cc   | 41 +++++++++++--------
 server/modules/filter/dbfwfilter/user.cc      |  2 +-
 2 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/server/modules/filter/dbfwfilter/dbfwfilter.cc b/server/modules/filter/dbfwfilter/dbfwfilter.cc
index 6fd02917b..5cefd7805 100644
--- a/server/modules/filter/dbfwfilter/dbfwfilter.cc
+++ b/server/modules/filter/dbfwfilter/dbfwfilter.cc
@@ -1051,6 +1051,24 @@ bool replace_rules(Dbfw* instance)
     return rval;
 }
 
+static bool update_rules(Dbfw* my_instance)
+{
+    bool rval = true;
+    int rule_version = my_instance->get_rule_version();
+
+    if (this_thread.rule_version < rule_version)
+    {
+        if (!replace_rules(my_instance))
+        {
+            rval = false;
+        }
+
+        this_thread.rule_version = rule_version;
+    }
+
+    return rval;
+}
+
 Dbfw::Dbfw(MXS_CONFIG_PARAMETER* params):
     m_action((enum fw_actions)config_get_enum(params, "action", action_values)),
     m_log_match(0),
@@ -1295,6 +1313,11 @@ int DbfwSession::routeQuery(GWBUF* buffer)
     int rval = 0;
     uint32_t type = 0;
 
+    if (!update_rules(m_instance))
+    {
+        return rval;
+    }
+
     if (modutil_is_SQL(buffer) || modutil_is_SQL_prepare(buffer))
     {
         type = qc_get_type_mask(buffer);
@@ -1567,24 +1590,6 @@ bool rule_matches(Dbfw* my_instance,
     return matches;
 }
 
-static bool update_rules(Dbfw* my_instance)
-{
-    bool rval = true;
-    int rule_version = my_instance->get_rule_version();
-
-    if (this_thread.rule_version < rule_version)
-    {
-        if (!replace_rules(my_instance))
-        {
-            rval = false;
-        }
-
-        this_thread.rule_version = rule_version;
-    }
-
-    return rval;
-}
-
 /**
  * Diagnostics routine
  *
diff --git a/server/modules/filter/dbfwfilter/user.cc b/server/modules/filter/dbfwfilter/user.cc
index 646cf746b..0792283ce 100644
--- a/server/modules/filter/dbfwfilter/user.cc
+++ b/server/modules/filter/dbfwfilter/user.cc
@@ -127,7 +127,7 @@ bool User::do_match(Dbfw* my_instance, DbfwSession* my_session,
             rval = true;
             for (RuleList::iterator it = rules.begin(); it != rules.end(); it++)
             {
-                if (!rule_is_active(*it))
+                if (rule_is_active(*it))
                 {
                     have_active_rule = true;