From: Emmanuel Hocdet <manu@gandi.net>
Date: Fri, 13 May 2016 09:18:50 +0000 (+0200)
Subject: MINOR: ssl: crt-list parsing factor
X-Git-Tag: v1.7-dev4~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e0e6e409b39097d706b6788f296f13a8d25ece6;p=thirdparty%2Fhaproxy.git

MINOR: ssl: crt-list parsing factor

LINESIZE and MAX_LINE_ARGS are too low for parsing crt-list.
---

diff --git a/include/common/defaults.h b/include/common/defaults.h
index 1c971d9f36..3e04f022c8 100644
--- a/include/common/defaults.h
+++ b/include/common/defaults.h
@@ -74,6 +74,9 @@
 // max # args on a configuration line
 #define MAX_LINE_ARGS   64
 
+// crt-list parsing factor for LINESIZE and MAX_LINE_ARGS
+#define CRTLIST_FACTOR  32
+
 // max # args on a stats socket
 // This should cover at least 5 + twice the # of data_types
 #define MAX_STATS_ARGS  64
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 957bc9790a..e0a1616657 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2446,7 +2446,7 @@ static int ssl_initialize_random()
 
 int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
 {
-	char thisline[LINESIZE];
+	char thisline[LINESIZE*CRTLIST_FACTOR];
 	FILE *f;
 	struct stat buf;
 	int linenum = 0;
@@ -2461,7 +2461,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
 		int arg;
 		int newarg;
 		char *end;
-		char *args[MAX_LINE_ARGS + 1];
+		char *args[MAX_LINE_ARGS*CRTLIST_FACTOR + 1];
 		char *line = thisline;
 
 		linenum++;
@@ -2489,7 +2489,7 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
 				*line = 0;
 			}
 			else if (newarg) {
-				if (arg == MAX_LINE_ARGS) {
+				if (arg == MAX_LINE_ARGS*CRTLIST_FACTOR) {
 					memprintf(err, "too many args on line %d in file '%s'.",
 						  linenum, file);
 					cfgerr = 1;