From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 8 Apr 2022 08:04:05 +0000 (+0200)
Subject: BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
X-Git-Tag: v2.6-dev5~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=21ac0eec280685174fbe368c4da0cb9cb8efd075;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples

url_enc() encodes an input string by calling encode_string(). To do so, it
adds a trailing '\0' to the sample string. However it never restores the
sample string at the end. It is a problem for const samples. The sample
string may be in the middle of a buffer. For instance, the HTTP headers
values are concerned.

However, instead of modifying the sample string, it is easier to rely on
encode_chunk() function. It does the same but on a buffer.

This patch must be backported as far as 2.2.
---

diff --git a/src/http_conv.c b/src/http_conv.c
index 121a4989ba..f33336aae4 100644
--- a/src/http_conv.c
+++ b/src/http_conv.c
@@ -324,16 +324,13 @@ static int sample_conv_url_enc(const struct arg *args, struct sample *smp, void
 	enc_type = ENC_QUERY;
 	enc_type = args->data.sint;
 
-	/* Add final \0 required by encode_string() */
-	smp->data.u.str.area[smp->data.u.str.data] = '\0';
-
 	if (enc_type == ENC_QUERY)
 		encode_map = query_encode_map;
 	else
 		return 0;
 
-	ret = encode_string(trash->area, trash->area + trash->size, '%',
-			    encode_map, smp->data.u.str.area);
+	ret = encode_chunk(trash->area, trash->area + trash->size, '%',
+			   encode_map, &smp->data.u.str);
 	if (ret == NULL || *ret != '\0')
 		return 0;
 	trash->data = ret - trash->area;