From: Tim Duesterhus <tim@bastelstu.be>
Date: Sat, 28 Aug 2021 22:58:22 +0000 (+0200)
Subject: BUG/MINOR: tools: Fix loop condition in dump_text()
X-Git-Tag: v2.5-dev6~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=18795d48a9bb09aedc57e547029828a56322e49d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: tools: Fix loop condition in dump_text()

The condition should first check whether `bsize` is reached, before
dereferencing the offset. Even if this always works fine, due to the
string being null-terminated, this certainly looks odd.

Found using GitHub's CodeQL scan.

This bug traces back to at least 97c2ae13bc0d7961a348102d6719fbcaf34d46d5
(1.7.0+) and this patch should be backported accordingly.
---

diff --git a/src/tools.c b/src/tools.c
index 4f536efc3e..cc71d45358 100644
--- a/src/tools.c
+++ b/src/tools.c
@@ -4522,9 +4522,9 @@ int may_access(const void *ptr)
 int dump_text(struct buffer *out, const char *buf, int bsize)
 {
 	unsigned char c;
-	int ptr = 0;
+	size_t ptr = 0;
 
-	while (buf[ptr] && ptr < bsize) {
+	while (ptr < bsize && buf[ptr]) {
 		c = buf[ptr];
 		if (isprint((unsigned char)c) && isascii((unsigned char)c) && c != '\\' && c != ' ' && c != '=') {
 			if (out->data > out->size - 1)