BUG/MINOR: ssl: fix crt-store load parsing
authorWilliam Lallemand <wlallemand@haproxy.com>
Wed, 17 Apr 2024 18:52:46 +0000 (20:52 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Wed, 17 Apr 2024 19:00:34 +0000 (21:00 +0200)
The crt-store load line parser relies on offsets of member of the
ckch_conf struct. However the new "alias" keyword has an offset of
-1, because it does not need to be used. Plan was to handle it that way
in the parser, but it wasn't supported yet. So -1 was still used in an
offset computation which was not used, but ASAN could see the problem.

This patch fixes the issue by using a signed type for the offset value,
so any negative value would be skipped. It also introduced a
PARSE_TYPE_NONE for the parser.

No backport needed.

include/haproxy/ssl_ckch-t.h
src/ssl_ckch.c

index 058ea15ff561d33fd412f5cb415441f068adb922..6951126e2f56bc9a4086b79814fa6997a3ad2ce2 100644 (file)
@@ -169,14 +169,15 @@ struct cert_exts {
 
 /* argument types */
 enum parse_type_t {
-       PARSE_TYPE_INT = 0,
+       PARSE_TYPE_NONE = 0,
+       PARSE_TYPE_INT,
        PARSE_TYPE_STR,         /* string which is strdup() */
        PARSE_TYPE_ONOFF,       /* "on" or "off" keyword */
 };
 
 struct ckch_conf_kws {
        const char *name;
-       size_t offset;
+       ssize_t offset;
        enum parse_type_t type;
        int (*func)(const char *path, char *buf, struct ckch_data *d, char **err);
        char **base; /* ptr to the base path */
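Review bot: The new `ssize_t offset` field now carries a convention that the struct does not document: a negative value means the keyword has no storage in struct ckch_conf and the loader skips it, while the neighbouring fields do have trailing comments. I would add `ssize_t offset;          /* offsetof() in struct ckch_conf, or -1 when the keyword has no field */` and, for symmetry with the two other enumerators, `PARSE_TYPE_NONE = 0,      /* keyword stores no value */`. Note that `ssize_t` is a POSIX type rather than ISO C, so the header must already include sys/types.h or an equivalent; that include is not visible in this hunk.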
index 81752e191083b2ba83e32ccadd9246628157b580..40d929d922966ad08324d80ae69a8f6e27539ecd 100644 (file)
@@ -3997,13 +3997,13 @@ static struct cli_kw_list cli_kws = {{ },{
 INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
 
 struct ckch_conf_kws ckch_conf_kws[] = {
-       { "alias",                               -1,                 0, NULL,                                  NULL },
+       { "alias",                               -1,                 PARSE_TYPE_NONE, NULL,                                  NULL },
        { "crt",    offsetof(struct ckch_conf, crt),    PARSE_TYPE_STR, ssl_sock_load_pem_into_ckch,           &global_ssl.crt_base },
        { "key",    offsetof(struct ckch_conf, key),    PARSE_TYPE_STR, ssl_sock_load_key_into_ckch,           &global_ssl.key_base },
        { "ocsp",   offsetof(struct ckch_conf, ocsp),   PARSE_TYPE_STR, ssl_sock_load_ocsp_response_from_file, &global_ssl.crt_base },
        { "issuer", offsetof(struct ckch_conf, issuer), PARSE_TYPE_STR, ssl_sock_load_issuer_file_into_ckch,   &global_ssl.crt_base },
        { "sctl",   offsetof(struct ckch_conf, sctl),   PARSE_TYPE_STR, ssl_sock_load_sctl_from_file,          &global_ssl.crt_base },
-       { NULL,     0,                                  PARSE_TYPE_STR, NULL,                                  NULL                 }
+       { NULL,     -1,                                  PARSE_TYPE_STR, NULL,                                  NULL                 }
 };
 
 /* crt-store does not try to find files, but use the stored filename */
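Review bot: The terminating entry on the last changed line keeps `PARSE_TYPE_STR` while the `alias` row, which likewise has no storage, now uses the new `PARSE_TYPE_NONE`; the type of the sentinel is never read because the loop stops on `name == NULL`, but the sentinel is the natural place to show the "no field" convention. I would write `{ NULL,     -1,                                  PARSE_TYPE_NONE, NULL,                                  NULL                 }` so both non-storage rows look alike. Moving the sentinel's offset from 0 to -1 is a good side effect of the signed type, since 0 is a valid `offsetof()` result and must not double as "absent".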
@@ -4021,8 +4021,13 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, char **err)
        }
 
        for (i = 0; ckch_conf_kws[i].name; i++) {
-               char *src = *(char **)((intptr_t)f + (ptrdiff_t)ckch_conf_kws[i].offset);
+               char *src = NULL;
                char **base = ckch_conf_kws[i].base;
+
+               if (ckch_conf_kws[i].offset < 0)
+                       continue;
+
+               src = *(char **)((intptr_t)f + (ptrdiff_t)ckch_conf_kws[i].offset);
                if (src) {
                        char *path;
                        char path_base[PATH_MAX];
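Review bot: The added guard skips rows by `offset < 0` only, but the read on the line after it (`src = *(char **)(...)`) also assumes the row is `PARSE_TYPE_STR`; a future row with a valid offset and PARSE_TYPE_INT/PARSE_TYPE_ONOFF, or the new PARSE_TYPE_NONE that this commit introduces but never checks here, would have its field reinterpreted as a `char *` and handed to the loader. Since the type was added precisely to describe such rows, I would make the loader gate on it as well: `if (ckch_conf_kws[i].offset < 0 || ckch_conf_kws[i].type != PARSE_TYPE_STR) continue;`. The enclosing ckch_store_load_files() starts before and continues past this hunk, so I cannot see whether later code already dispatches on the type.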