From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Thu, 15 Dec 2022 08:27:34 +0000 (+0100)
Subject: MINOR: http-htx: add BUG_ON to prevent API error on http_cookie_register
X-Git-Tag: v2.8-dev1~122
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4328b61bb33f99d902eb8bf6b4b8fb6423dbee0b;p=thirdparty%2Fhaproxy.git

MINOR: http-htx: add BUG_ON to prevent API error on http_cookie_register

http_cookie_register() must be called on first invocation with the last
two arguments pointing both to a negative value. After it, they will be
updated to a valid index.

We must never have only the last argument as NULL as this will cause an
invalid array addressing. To clarify this a BUG_ON statement is
introduced.

This is linked to github issue #1967.
---

diff --git a/src/http_htx.c b/src/http_htx.c
index 5cb0b2948f..2978f2eb40 100644
--- a/src/http_htx.c
+++ b/src/http_htx.c
@@ -1817,6 +1817,11 @@ void http_cookie_register(struct http_hdr *list, int idx, int *first, int *last)
 	 * the next one. The last entry will contains -1.
 	 */
 
+	/* Caller is responsible to initialize *first and *last to -1 on first
+	 * invocation. Both will thus be set to a valid index after it.
+	 */
+	BUG_ON(*first > 0 && *last < 0);
+
 	/* Mark the current end of cookie linked list. */
 	list[idx].n.len = -1;
 	if (*first < 0) {