From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 7 Feb 2023 16:06:35 +0000 (+0100)
Subject: BUG/MINOR: ssl/crt-list: warn when a line is malformated
X-Git-Tag: v2.8-dev4~32
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d85227fca20a5c793857c1632283ef4a2120285a;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/crt-list: warn when a line is malformated

Display a warning when some text exists between the filename and the
options. This part is completely ignored so if there are filters here,
they were never parsed.

This could be backported in every versions. In the older versions, the
parsing was done in ssl_sock_load_cert_list_file() in ssl_sock.c.
---

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 825f380475..31428d63b5 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -403,6 +403,11 @@ int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry,
 	*crt_path = args[0];
 
 	if (ssl_b) {
+		if (ssl_b > 1) {
+			memprintf(err, "parsing [%s:%d]: malformated line, filters can't be between filename and options!", file, linenum);
+			cfgerr |= ERR_WARN;
+		}
+
 		ssl_conf = calloc(1, sizeof *ssl_conf);
 		if (!ssl_conf) {
 			memprintf(err, "not enough memory!");