From: William Lallemand <wlallemand@haproxy.org>
Date: Sun, 26 Sep 2021 16:12:43 +0000 (+0200)
Subject: BUG/MEDIUM: httpclient: replace ist0 by istptr
X-Git-Tag: v2.5-dev9~159
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=614e68337d9f2c8821a104bfb188fb6540b52785;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: httpclient: replace ist0 by istptr

ASAN reported a buffer overflow in the httpclient. This overflow is the
consequence of ist0() which is incorrect here.

Replace all occurences of ist0() by istptr() which is more appropried
here since all ist in the httpclient were created from strings.
---

diff --git a/src/http_client.c b/src/http_client.c
index bafeafcacd..ab83cdba4c 100644
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -173,7 +173,7 @@ static int hc_cli_io_handler(struct appctx *appctx)
 	if (!trash)
 		goto out;
 	if (appctx->ctx.cli.i0 & HC_CLI_F_RES_STLINE) {
-		chunk_appendf(trash, "%s %d %s\n",ist0(hc->res.vsn), hc->res.status, ist0(hc->res.reason));
+		chunk_appendf(trash, "%s %d %s\n",istptr(hc->res.vsn), hc->res.status, istptr(hc->res.reason));
 		if (ci_putchk(si_ic(si), trash) == -1)
 			si_rx_room_blk(si);
 		appctx->ctx.cli.i0 &= ~HC_CLI_F_RES_STLINE;
@@ -338,9 +338,9 @@ struct appctx *httpclient_start(struct httpclient *hc)
 
 	/* parse URI and fill sockaddr_storage */
 	/* FIXME: use a resolver */
-	len = url2sa(ist0(hc->req.url), istlen(hc->req.url), &hc->dst, &out);
+	len = url2sa(istptr(hc->req.url), istlen(hc->req.url), &hc->dst, &out);
 	if (len == -1) {
-		ha_alert("httpclient: cannot parse uri '%s'.\n", ist0(hc->req.url));
+		ha_alert("httpclient: cannot parse uri '%s'.\n", istptr(hc->req.url));
 		goto out;
 	}