From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 7 Feb 2019 15:29:41 +0000 (+0100)
Subject: BUG/MINOR: config: Reinforce validity check when a process number is parsed
X-Git-Tag: v2.0-dev1~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=18cca781f5384f060704ad80018d80bdd4e01e76;p=thirdparty%2Fhaproxy.git

BUG/MINOR: config: Reinforce validity check when a process number is parsed

Now, in the function parse_process_number(), when a process number or a set of
processes is parsed, an error is triggered if an invalid character is found. It
means following syntaxes are not forbidden and will emit an alert during the
HAProxy startup:

  1a
  1/2
  1-2-3

This bug was reported on Github. See issue #36.

This patch may be backported to 1.9 and 1.8.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index d7d18c6b12..e178db069a 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -369,16 +369,20 @@ int parse_process_number(const char *arg, unsigned long *proc, int max, int *aut
 	else if (strcmp(arg, "even") == 0)
 		*proc |= (~0UL/3UL) << 1; /* 0xAAA...AAA */
 	else {
-		char *dash;
+		const char *p, *dash = NULL;
 		unsigned int low, high;
 
-		if (!isdigit((int)*arg)) {
-			memprintf(err, "'%s' is not a valid number.\n", arg);
-			return -1;
+		for (p = arg; *p; p++) {
+			if (*p == '-' && !dash)
+				dash = p;
+			else if (!isdigit((int)*p)) {
+				memprintf(err, "'%s' is not a valid number/range.", arg);
+				return -1;
+			}
 		}
 
 		low = high = str2uic(arg);
-		if ((dash = strchr(arg, '-')) != NULL)
+		if (dash)
 			high = ((!*(dash+1)) ? max : str2uic(dash + 1));
 
 		if (high < low) {