From: Willy Tarreau <w@1wt.eu>
Date: Thu, 24 Jan 2013 01:14:42 +0000 (+0100)
Subject: BUG/MEDIUM: tools: off-by-one in quote_arg()
X-Git-Tag: v1.5-dev18~113
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=de2dd6b1250579c46ff085d8dad760d6d5ca9407;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: tools: off-by-one in quote_arg()

This function may write the \0 one char too far in the static array.
There is no effect right now as the function has never been used except
maybe in code that was never released. Out-of-tree code might possibly
be affected though (hence the MEDIUM flag).

No backport is needed.

Reported-by: Dinko Korunic <dkorunic@reflected.net>
---

diff --git a/src/standard.c b/src/standard.c
index 13ec4ad999..b14b70ba27 100644
--- a/src/standard.c
+++ b/src/standard.c
@@ -1567,7 +1567,7 @@ const char *quote_arg(const char *ptr)
 	if (!ptr || !*ptr)
 		return "end of line";
 	val[0] = '\'';
-	for (i = 1; i < sizeof(val) - 1 && *ptr; i++)
+	for (i = 1; i < sizeof(val) - 2 && *ptr; i++)
 		val[i] = *ptr++;
 	val[i++] = '\'';
 	val[i] = '\0';