[BUG] Configuration parser bug when escaping characters

Today I was testing headers manipulation but I met a bug with my first test.
To reproduce it, add for example this line :

    rspadd Cache-Control:\ max-age=1500

Check the response header, it will provide :

Cache-Control: max-age=15000 <= the last character is duplicated

This only happens when we use backslashes on the last line of the
configuration file, without returning to the line.

Also if the last line is like :
  rspadd Cache-Control:\ max-age=1500\

the last backslash causes a segfault.

This is not due to rspadd but to a more general bug in cfgparse.c :
...
if (skip) {
        memmove(line + 1, line + 1 + skip, end - (line + skip + 1));
        end -= skip;
}
...

should be :
...
if (skip) {
        memmove(line + 1, line + 1 + skip, end - (line + skip));
        end -= skip;
}
...

I've reproduced it with haproxy 1.3.22 and the last 1.4 snapshot.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index e74b7687afb40c18ae5e37641854b92b94752d59..4ab5e4bfb0d27e5e7ac0ee6546864c071a7ff280 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3988,7 +3988,7 @@ int readcfgfile(const char *file)
                                        }
                                }
                                if (skip) {
-                                       memmove(line + 1, line + 1 + skip, end - (line + skip + 1));
+                                       memmove(line + 1, line + 1 + skip, end - (line + skip));
                                        end -= skip;
                                }
                                line++;