mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 22:01:31 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: cfgparse: abort earlier in case of allocation error

Browse Source 
In issue #1563, Coverity reported a very interesting issue about a
possible UAF in the config parser if the config file ends in with a
very large line followed by an empty one and the large one causes an
allocation failure.

The issue essentially is that we try to go on with the next line in case
of allocation error, while there's no point doing so. If we failed to
allocate memory to read one config line, the same may happen on the next
one, and blatantly dropping it while trying to parse what follows it. In
the best case, subsequent errors will be incorrect due to this prior error
(e.g. a large ACL definition with many patterns, followed by a reference of
this ACL).

Let's just immediately abort in such a condition where there's no recovery
possible.

This may be backported to all versions once the issue is confirmed to be
addressed.

Thanks to Ilya for the report.
This commit is contained in:
Willy Tarreau 2022-05-20 09:13:38 +02:00
parent fe1c785bcc
commit 8ec9c81ac4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/cfgparse.c
View File

@ -1860,10 +1860,10 @@ next_line:
if (outline == NULL) { if (outline == NULL) {
ha_alert("parsing [%s:%d]: line too long, cannot allocate memory.\n", ha_alert("parsing [%s:%d]: line too long, cannot allocate memory.\n",
file, linenum); file, linenum);
err_code |= ERR_ALERT | ERR_FATAL; err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
fatal++; fatal++;
outlinesize = 0; outlinesize = 0;
goto next_line; goto err;
} }
/* try again */ /* try again */
continue; continue;