From: Willy Tarreau <w@1wt.eu>
Date: Mon, 8 Nov 2021 11:09:27 +0000 (+0100)
Subject: BUG/MINOR: cache: properly ignore unparsable max-age in quotes
X-Git-Tag: v2.5-dev14~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1f38bdb3f63f3ce7422bedfe3a6e24c1619e9881;p=thirdparty%2Fhaproxy.git

BUG/MINOR: cache: properly ignore unparsable max-age in quotes

When "max-age" or "s-maxage" receive their values in quotes, the pointer
to the integer to be parsed is advanced by one, but the error pointer
check doesn't consider this advanced offset, so it will not match a
parse error such as max-age="a" and will take the value zero instead.

This probably needs to be backported, though it's unsure it has any
effect in the real world.
---

diff --git a/src/cache.c b/src/cache.c
index 9c108ae537..287ff5325b 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -783,7 +783,7 @@ int http_calc_maxage(struct stream *s, struct cache *cache, int *true_maxage)
 			chunk_memcat(chk, "", 1);
 			offset = (*chk->area == '"') ? 1 : 0;
 			smaxage = strtol(chk->area + offset, &endptr, 10);
-			if (unlikely(smaxage < 0 || endptr == chk->area))
+			if (unlikely(smaxage < 0 || endptr == chk->area + offset))
 				return -1;
 		}
 
@@ -795,7 +795,7 @@ int http_calc_maxage(struct stream *s, struct cache *cache, int *true_maxage)
 			chunk_memcat(chk, "", 1);
 			offset = (*chk->area == '"') ? 1 : 0;
 			maxage = strtol(chk->area + offset, &endptr, 10);
-			if (unlikely(maxage < 0 || endptr == chk->area))
+			if (unlikely(maxage < 0 || endptr == chk->area + offset))
 				return -1;
 		}
 	}