From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 12 May 2015 12:01:09 +0000 (+0200)
Subject: BUG/MEDIUM: cfgparse: incorrect memmove in quotes management
X-Git-Tag: v1.6-dev2~119
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f41560f610971cd6aaa24fe240949d938109d26;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: cfgparse: incorrect memmove in quotes management

The size of the memmove was incorrect (one byte too far) in the quotes
parser and can lead to segfault during configuration parsing.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 39ba14515c..8469dfd248 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6331,7 +6331,7 @@ int readcfgfile(const char *file)
 					dquote = 0;
 				else
 					dquote = 1;
-				memmove(line, line + 1, end - (line + 1));
+				memmove(line, line + 1, end - line);
 				end--;
 			}
 			else if (*line == '\'' && !dquote) { /* single quote outside double quotes */
@@ -6339,7 +6339,7 @@ int readcfgfile(const char *file)
 					squote = 0;
 				else
 					squote = 1;
-				memmove(line, line + 1, end - (line + 1));
+				memmove(line, line + 1, end - line);
 				end--;
 			}
 			else if (*line == '\\' && !squote) {