MINOR: ssl: Add error if a crt-list might be truncated

Similar to warning during the parsing of the regular configuration file
that was added in 2fd5bdb439da29f15381aeb57c51327ba57674fc this patch adds
a warning to the parsing of a crt-list if the file does not end in a
newline (and thus might have been truncated).

The logic essentially just was copied over. It might be good to refactor
this in the future, allowing easy re-use within all line-based config
parsers.

see https://github.com/haproxy/haproxy/issues/860#issuecomment-693422936
see 0354b658f061d00d5ab4b728d7deeff2c8f1503a

This should be backported as a warning to 2.2.

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index ae67f9176e01c542b32af79e0448a4ff8344d44c..3c94bcf99e07eae9c3ee4924f8cab02ea56aea4d 100644 (file)
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -452,6 +452,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
        struct stat buf;
        int linenum = 0;
        int cfgerr = 0;
+       int missing_lf = -1;
 
        if ((f = fopen(file, "r")) == NULL) {
                memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
@@ -471,6 +472,14 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
                char *crt_path;
                struct ckch_store *ckchs;
 
+               if (missing_lf != -1) {
+                       memprintf(err, "parsing [%s:%d]: Stray NUL character at position %d.\n",
+                                 file, linenum, (missing_lf + 1));
+                       cfgerr |= ERR_ALERT | ERR_FATAL;
+                       missing_lf = -1;
+                       break;
+               }
+
                linenum++;
                end = line + strlen(line);
                if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
@@ -486,14 +495,22 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
                if (*line == '#' || *line == '\n' || *line == '\r')
                        continue;
 
+               if (end > line && *(end-1) == '\n') {
+                       /* kill trailing LF */
+                       *(end - 1) = 0;
+               }
+               else {
+                       /* mark this line as truncated */
+                       missing_lf = end - line;
+               }
+
                entry = crtlist_entry_new();
                if (entry == NULL) {
                        memprintf(err, "Not enough memory!");
                        cfgerr |= ERR_ALERT | ERR_FATAL;
                        goto error;
                }
-               if (*(end - 1) == '\n')
-                       *(end - 1) = '\0'; /* line parser mustn't receive any \n */
+
                cfgerr |= crtlist_parse_line(thisline, &crt_path, entry, file, linenum, err);
                if (cfgerr & ERR_CODE)
                        goto error;
@@ -587,6 +604,13 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 
                entry = NULL;
        }
+
+       if (missing_lf != -1) {
+               memprintf(err, "parsing [%s:%d]: Missing LF on last line, file might have been truncated at position %d.\n",
+                         file, linenum, (missing_lf + 1));
+               cfgerr |= ERR_ALERT | ERR_FATAL;
+       }
+
        if (cfgerr & ERR_CODE)
                goto error;