[BUG] config: fix wrong handling of too large argument count

Holger Just reported that running ACLs with too many args caused
a segfault during config parsing. This is caused by a wrong test
on argument count. In case of too many arguments on a config line,
the last one was not correctly zeroed. This is now done and we
report the error indicating what part had been truncated.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index f0d690b2e4eb9e4acf5bd5b8a1c18652e7506c27..a1d2428a27da891677284695742231889d8b543e 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3697,6 +3697,21 @@ int readcfgfile(const char *file)
                if (!**args)
                        continue;
 
+               if (*line) {
+                       /* we had to stop due to too many args.
+                        * Let's terminate the string, print the offending part then cut the
+                        * last arg.
+                        */
+                       while (*line && *line != '#' && *line != '\n' && *line != '\r')
+                               line++;
+                       *line = '\0';
+
+                       Alert("parsing [%s:%d]: line too long, truncating at word %d, position %d : <%s>.\n",
+                             file, linenum, arg + 1, args[arg] - thisline + 1, args[arg]);
+                       err_code |= ERR_ALERT | ERR_FATAL;
+                       args[arg] = line;
+               }
+
                /* zero out remaining args and ensure that at least one entry
                 * is zeroed out.
                 */