From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 5 Feb 2024 14:04:31 +0000 (+0100)
Subject: curl: exit on config file parser errors
X-Git-Tag: curl-8_7_0~206
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f0edc283c340e8ddddc763b48d2f835b2270ab4;p=thirdparty%2Fcurl.git

curl: exit on config file parser errors

Like when trying to import an environment variable that does not exist.

Also fix a bug for reading env variables when there is a default value
set.

Bug: https://curl.se/mail/archive-2024-02/0008.html
Reported-by: Brett Buddin

Add test 462 to verify.

Closes #12862
---

diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index da48700663..a07d4f07b6 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -125,11 +125,11 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
     int lineno = 0;
     bool dashed_option;
     struct curlx_dynbuf buf;
-    bool fileerror;
+    bool fileerror = FALSE;
     curlx_dyn_init(&buf, MAX_CONFIG_LINE_LENGTH);
     DEBUGASSERT(filename);
 
-    while(my_get_line(file, &buf, &fileerror)) {
+    while(!rc && my_get_line(file, &buf, &fileerror)) {
       int res;
       bool alloced_param = FALSE;
       lineno++;
@@ -264,8 +264,9 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
            res != PARAM_VERSION_INFO_REQUESTED &&
            res != PARAM_ENGINES_REQUESTED) {
           const char *reason = param2text(res);
-          warnf(operation->global, "%s:%d: warning: '%s' %s",
-                filename, lineno, option, reason);
+          errorf(operation->global, "%s:%d: '%s' %s",
+                 filename, lineno, option, reason);
+          rc = res;
         }
       }
 
diff --git a/src/var.c b/src/var.c
index 388d45592f..74410ad4e0 100644
--- a/src/var.c
+++ b/src/var.c
@@ -42,6 +42,7 @@
 #include "memdebug.h" /* keep this as LAST include */
 
 #define MAX_EXPAND_CONTENT 10000000
+#define MAX_VAR_LEN 128 /* max length of a name */
 
 static char *Memdup(const char *data, size_t len)
 {
@@ -233,7 +234,7 @@ ParameterError varexpand(struct GlobalConfig *global,
       line = &envp[2];
     }
     else if(envp) {
-      char name[128];
+      char name[MAX_VAR_LEN];
       size_t nlen;
       size_t i;
       char *funcp;
@@ -393,6 +394,7 @@ ParameterError setvariable(struct GlobalConfig *global,
   ParameterError err = PARAM_OK;
   bool import = FALSE;
   char *ge = NULL;
+  char buf[MAX_VAR_LEN];
 
   if(*input == '%') {
     import = TRUE;
@@ -402,12 +404,20 @@ ParameterError setvariable(struct GlobalConfig *global,
   while(*line && (ISALNUM(*line) || (*line == '_')))
     line++;
   nlen = line - name;
-  if(!nlen || (nlen > 128)) {
+  if(!nlen || (nlen >= MAX_VAR_LEN)) {
     warnf(global, "Bad variable name length (%zd), skipping", nlen);
     return PARAM_OK;
   }
   if(import) {
-    ge = curl_getenv(name);
+    /* this does not use curl_getenv() because we want "" support for blank
+       content */
+    if(*line) {
+      /* if there is a default action, we need to copy the name */
+      memcpy(buf, name, nlen);
+      buf[nlen] = 0;
+      name = buf;
+    }
+    ge = getenv(name);
     if(!*line && !ge) {
       /* no assign, no variable, fail */
       errorf(global, "Variable '%s' import fail, not set", name);
@@ -459,6 +469,5 @@ ParameterError setvariable(struct GlobalConfig *global,
     if(contalloc)
       free(content);
   }
-  curl_free(ge);
   return err;
 }
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index cd393da750..1475cc3b95 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -73,6 +73,7 @@ test426 test427 test428 test429 test430 test431 test432 test433 test434 \
 test435 test436 test437 test438 test439 test440 test441 test442 test443 \
 test444 test445 test446 test447 test448 test449 test450 test451 test452 \
 test453 test454 test455 test456 test457 test458 test459 test460 test461 \
+test462 \
 \
 test490 test491 test492 test493 test494 test495 test496 test497 test498 \
 test499 test500 test501 test502 test503 test504 test505 test506 test507 \
diff --git a/tests/data/test462 b/tests/data/test462
new file mode 100644
index 0000000000..24c414ef3f
--- /dev/null
+++ b/tests/data/test462
@@ -0,0 +1,39 @@
+<testcase>
+<info>
+<keywords>
+variables
+--config
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<name>
+Missing environment variables in config file
+</name>
+<file name="%LOGDIR/cmd">
+variable %MISSING
+expand-data {{MISSING}}
+</file>
+<command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -K %LOGDIR/cmd
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+26
+</errorcode>
+</verify>
+</testcase>