BUG/MINOR: cfgparse: report extraneous args *after* the string is allocated

The config parser change in commit 9e1758efb ("BUG/MEDIUM: cfgparse: use parse_line() to expand/unquote/unescape config lines") is wrong when displaying the last parsed word, because it doesn't verify that the output string was properly allocated. This may fail in two cases: - very first line (outline is NULL, as in oss-fuzz issue 23657) - much longer line than previous ones, requiring a realloc(), in which case the final 0 is out of the allocated space. This patch moves the reporting after the allocation check to fix this. No backport is needed, this is 2.2 only.
2026-02-05 09:21:42 +01:00 · 2020-06-25 07:41:22 +02:00 · 2020-06-25 07:41:22 +02:00 · 07d47060e0
commit 07d47060e0
parent 61dd44bbc1
1 changed files with 10 additions and 8 deletions
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -1976,14 +1976,6 @@ next_line:
 				goto next_line;
 			}

-			if (err & PARSE_ERR_TOOMANY) {
-				ha_alert("parsing [%s:%d]: too many words, truncating after word %d, position %ld: <%s>.\n",
-					 file, linenum, MAX_LINE_ARGS, (long)(args[MAX_LINE_ARGS-1] - outline + 1), args[MAX_LINE_ARGS-1]);
-				err_code |= ERR_ALERT | ERR_FATAL;
-				fatal++;
-				goto next_line;
-			}
-
 			if (err & (PARSE_ERR_TOOLARGE|PARSE_ERR_OVERLAP)) {
 				outlinesize = (outlen + 1023) & -1024;
 				outline = realloc(outline, outlinesize);
@ -1997,6 +1989,16 @@ next_line:
 				/* try again */
 				continue;
 			}
+
+			if (err & PARSE_ERR_TOOMANY) {
+				/* only check this *after* being sure the output is allocated */
+				ha_alert("parsing [%s:%d]: too many words, truncating after word %d, position %ld: <%s>.\n",
+					 file, linenum, MAX_LINE_ARGS, (long)(args[MAX_LINE_ARGS-1] - outline + 1), args[MAX_LINE_ARGS-1]);
+				err_code |= ERR_ALERT | ERR_FATAL;
+				fatal++;
+				goto next_line;
+			}
+
 			/* everything's OK */
 			break;
 		}