From 8a14b73ecf992e535301972e0b7d9e7f14d1eb4c Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 15 Feb 2021 16:24:10 +0100
Subject: [PATCH] MINOR: server: Be more strict when reading the version of a
 server-state file

Now, we read a full line and expects to found an integer only on it. And if
the line is empty or truncated, an error is returned. If the version is not
valid, an error is also returned. This way, the first line is no longer
partially read.
---
 src/server.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/server.c b/src/server.c
index bcfdbb277..b9fa115b9 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3049,20 +3049,26 @@ static void srv_update_state(struct server *srv, int version, char **params)
  * Note that this should be the first read on <f>
  */
 static int srv_state_get_version(FILE *f) {
-	char buf[2];
-	int ret;
+	char mybuf[SRV_STATE_LINE_MAXLEN];
+	char *endptr;
+	long int vsn;
 
 	/* first character of first line of the file must contain the version of the export */
-	if (fgets(buf, 2, f) == NULL) {
+	if (fgets(mybuf, SRV_STATE_LINE_MAXLEN, f) == NULL)
+		return 0;
+
+	vsn = strtol(mybuf, &endptr, 10);
+	if (endptr == mybuf || *endptr != '\n') {
+		/* Empty or truncated line */
 		return 0;
 	}
 
-	ret = atoi(buf);
-	if ((ret < SRV_STATE_FILE_VERSION_MIN) ||
-	    (ret > SRV_STATE_FILE_VERSION_MAX))
+	if (vsn < SRV_STATE_FILE_VERSION_MIN || vsn > SRV_STATE_FILE_VERSION_MAX) {
+		/* Wrong version number */
 		return 0;
+	}
 
-	return ret;
+	return vsn;
 }