From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 31 Oct 2017 19:21:46 +0000 (+0100)
Subject: MEDIUM: shctx: forbid shctx to read more than expected
X-Git-Tag: v1.8-rc1~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7217c46dfefccf581583f6f38ba8032a0dfad643;p=thirdparty%2Fhaproxy.git

MEDIUM: shctx: forbid shctx to read more than expected

Forbid shctx to read more than expected, it allows you to use a greater
value as a len with shctx_row_data_get(), the size of the destination
buffer for example.
---

diff --git a/src/shctx.c b/src/shctx.c
index 69da33570d..61fd12d3d6 100644
--- a/src/shctx.c
+++ b/src/shctx.c
@@ -209,6 +209,10 @@ int shctx_row_data_get(struct shared_context *shctx, struct shared_block *first,
 	int count = 0, size = 0, start = -1;
 	struct shared_block *block;
 
+	/* can't copy more */
+	if (len > first->len)
+		len = first->len;
+
 	block = first;
 	count = 0;
 	/* Pass through the blocks to copy them */