[BUG] Configuration parser bug when escaping characters

Today I was testing headers manipulation but I met a bug with my first test.
To reproduce it, add for example this line :

    rspadd Cache-Control:\ max-age=1500

Check the response header, it will provide :

Cache-Control: max-age=15000 <= the last character is duplicated

This only happens when we use backslashes on the last line of the
configuration file, without returning to the line.

Also if the last line is like :
  rspadd Cache-Control:\ max-age=1500\

the last backslash causes a segfault.

This is not due to rspadd but to a more general bug in cfgparse.c :
...
if (skip) {
        memmove(line + 1, line + 1 + skip, end - (line + skip + 1));
        end -= skip;
}
...

should be :
...
if (skip) {
        memmove(line + 1, line + 1 + skip, end - (line + skip));
        end -= skip;
}
...

I've reproduced it with haproxy 1.3.22 and the last 1.4 snapshot.
(cherry picked from commit dd1b01d027bc3f71006d038942c81613b8872edc)

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 393c517981e57ee4d5ee01e352a292c42e48689a..65c820ee54046e054b98e6c3692748a55b48419b 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3696,7 +3696,7 @@ int readcfgfile(const char *file)
                                        }
                                }
                                if (skip) {
-                                       memmove(line + 1, line + 1 + skip, end - (line + skip + 1));
+                                       memmove(line + 1, line + 1 + skip, end - (line + skip));
                                        end -= skip;
                                }
                                line++;