From 9c768fdca19b292c17099928e1efdf40bf53fc6e Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 22 Aug 2018 05:08:57 +0200 Subject: [PATCH] BUG/MEDIUM: http: don't store url_decode() result in the samples's length By convenience or laziness we used to store url_decode()'s return code into smp->data.u.str.data. The result checks applied there compare it to 0 while it's now unsigned since commit 843b7cb ("MEDIUM: chunks: make the chunk struct's fields match the buffer struct "). Let's clean this up and test the result itself without storing it first. No backport is needed. --- src/proto_http.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index 2605c770e..a7a8dadd6 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -11827,6 +11827,8 @@ expect_comma: /* This fetch url-decode any input string. */ static int sample_conv_url_dec(const struct arg *args, struct sample *smp, void *private) { + int len; + /* If the constant flag is set or if not size is avalaible at * the end of the buffer, copy the string in other buffer * before decoding. @@ -11841,8 +11843,11 @@ static int sample_conv_url_dec(const struct arg *args, struct sample *smp, void /* Add final \0 required by url_decode(), and convert the input string. */ smp->data.u.str.area[smp->data.u.str.data] = '\0'; - smp->data.u.str.data = url_decode(smp->data.u.str.area); - return (smp->data.u.str.data >= 0); + len = url_decode(smp->data.u.str.area); + if (len < 0) + return 0; + smp->data.u.str.data = len; + return 1; } static int smp_conv_req_capture(const struct arg *args, struct sample *smp, void *private)