BUG/MEDIUM: httpclient: replace ist0 by istptr

ASAN reported a buffer overflow in the httpclient. This overflow is the
consequence of ist0() which is incorrect here.

Replace all occurences of ist0() by istptr() which is more appropried
here since all ist in the httpclient were created from strings.

diff --git a/src/http_client.c b/src/http_client.c
index bafeafcacd3c78b00bea3d37eb4df43a189ea139..ab83cdba4cb2eecaea9f65084be448d33422803c 100644 (file)
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -173,7 +173,7 @@ static int hc_cli_io_handler(struct appctx *appctx)
        if (!trash)
                goto out;
        if (appctx->ctx.cli.i0 & HC_CLI_F_RES_STLINE) {
-               chunk_appendf(trash, "%s %d %s\n",ist0(hc->res.vsn), hc->res.status, ist0(hc->res.reason));
+               chunk_appendf(trash, "%s %d %s\n",istptr(hc->res.vsn), hc->res.status, istptr(hc->res.reason));
                if (ci_putchk(si_ic(si), trash) == -1)
                        si_rx_room_blk(si);
                appctx->ctx.cli.i0 &= ~HC_CLI_F_RES_STLINE;
@@ -338,9 +338,9 @@ struct appctx *httpclient_start(struct httpclient *hc)
 
        /* parse URI and fill sockaddr_storage */
        /* FIXME: use a resolver */
-       len = url2sa(ist0(hc->req.url), istlen(hc->req.url), &hc->dst, &out);
+       len = url2sa(istptr(hc->req.url), istlen(hc->req.url), &hc->dst, &out);
        if (len == -1) {
-               ha_alert("httpclient: cannot parse uri '%s'.\n", ist0(hc->req.url));
+               ha_alert("httpclient: cannot parse uri '%s'.\n", istptr(hc->req.url));
                goto out;
        }