BUG/MINOR: cli: fix too many args detection for commands

d3f928944 ("BUG/MINOR: cli: Issue an error when too many args are passed
for a command") added a new check to prevent the command to run when
too many arguments are provided. In this case an error is reported.

However it turns out this check (despite marked for backports) was
ineffective prior to 20ec1de21 ("MAJOR: cli: Refacor parsing and
execution of pipelined commands") as 'p' pointer was reset to the end of
the buffer before the check was executed.

Now since 20ec1de21, the check works, but we have another issue: we may
read past initialized bytes in the buffer because 'p' pointer is always
incremented in a while loop without checking if we increment it past 'end'
(This was detected using valgrind)

To fix the issue introduced by 20ec1de21, let's only increment 'p' pointer
if p < end.

For 3.2 this is it, now for older versions, since d3f928944 was marked for
backport, a sligthly different approach is needed:

 - conditional p increment must be done in the loop (as in this patch)
 - max arg check must moved above "fill unused slots" comment where p is
   assigned to the end of the buffer

This patch should be backported with d3f928944.

diff --git a/src/cli.c b/src/cli.c
index 41e8750ff26c7e6bc7dad01445cc04c491ce275a..4ab8713fa5820c82ae1ea11646943a41b5a22e9a 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -770,7 +770,8 @@ static int cli_process_cmdline(struct appctx *appctx)
                                break;
                        }
                }
-               *p++ = 0;
+               if (p < end)
+                       *p++ = 0;
 
                /* unescape backslashes (\) */
                for (j = 0, k = 0; args[i][k]; k++) {