mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-21 13:51:26 +02:00
8dd40fbde9
smp_is_safe() function is used to be sure a sample may be safely modified. For string samples, a test is performed to verify if there is a null-terminated byte. If not, one is added, if possible. It means if the sample is not const and if there is some free space in the buffer, after data. However, we must not try to read the null-terminated byte if the string sample is too long (data >= size) or if the size is equal to zero. This last test was not performed. Thus it was possible to consider a string sample as safe by testing a byte outside the buffer. Now, a zero size string sample is always considered as unsafe and is duplicated when smp_make_safe() is called. This patch must be backported in all stable versions.