mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 05:41:26 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: tools: url2sa reads too far when no port nor path

Browse Source 
url2sa() still have an unfortunate case where it reads 1 byte too far,
it happens when no port or path are specified in the URL, and could
crash if the byte after the URL is not allocated (mostly with ASAN).

This case is never triggered in old versions of haproxy because url2sa
is used with buffers which are way bigger than the URL. It is only
triggered with the httpclient.

Should be bacported in every stable branches.
This commit is contained in:
William Lallemand 2022-03-25 17:37:51 +01:00
parent d8769d1d87
commit 3d7a9186dd
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/tools.c
View File

@ -1679,7 +1679,7 @@ int url2sa(const char *url, int ulen, struct sockaddr_storage *addr, struct spli
end++; end++;
/* Decode port. */ /* Decode port. */
if (*end == ':') { if (end < url + ulen && *end == ':') {
end++; end++;
default_port = read_uint(&end, url + ulen); default_port = read_uint(&end, url + ulen);
} }
@ -1712,7 +1712,7 @@ int url2sa(const char *url, int ulen, struct sockaddr_storage *addr, struct spli
curr += ret; curr += ret;
/* Decode port. */ /* Decode port. */
if (*curr == ':') { if (curr < url + ulen && *curr == ':') {
curr++; curr++;
default_port = read_uint(&curr, url + ulen); default_port = read_uint(&curr, url + ulen);
} }
@ -1746,7 +1746,7 @@ int url2sa(const char *url, int ulen, struct sockaddr_storage *addr, struct spli
} }
/* Decode port. */ /* Decode port. */
if (*end == ':') { if (end < url + ulen && *end == ':') {
end++; end++;
default_port = read_uint(&end, url + ulen); default_port = read_uint(&end, url + ulen);
} }