From: Willy Tarreau <w@1wt.eu>
Date: Mon, 9 Nov 2009 20:16:53 +0000 (+0100)
Subject: [BUG] config: fix wrong handling of too large argument count
X-Git-Tag: v1.4-dev5~67
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7bb651ec1d0cc124781e93341462507d622f2168;p=thirdparty%2Fhaproxy.git

[BUG] config: fix wrong handling of too large argument count

Holger Just reported that running ACLs with too many args caused
a segfault during config parsing. This is caused by a wrong test
on argument count. In case of too many arguments on a config line,
the last one was not correctly zeroed. This is now done and we
report the error indicating what part had been truncated.
(cherry picked from commit 3b39c1446b9bd842324e87782a836948a07c25a2)
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index eb7db0f9cb..91a20bdf1d 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3996,6 +3996,21 @@ int readcfgfile(const char *file)
 		if (!**args)
 			continue;
 
+		if (*line) {
+			/* we had to stop due to too many args.
+			 * Let's terminate the string, print the offending part then cut the
+			 * last arg.
+			 */
+			while (*line && *line != '#' && *line != '\n' && *line != '\r')
+				line++;
+			*line = '\0';
+
+			Alert("parsing [%s:%d]: line too long, truncating at word %d, position %d : <%s>.\n",
+			      file, linenum, arg + 1, args[arg] - thisline + 1, args[arg]);
+			err_code |= ERR_ALERT | ERR_FATAL;
+			args[arg] = line;
+		}
+
 		/* zero out remaining args and ensure that at least one entry
 		 * is zeroed out.
 		 */