From: Willy Tarreau <w@1wt.eu>
Date: Wed, 22 Aug 2018 03:14:37 +0000 (+0200)
Subject: BUG/MINOR: chunks: do not store -1 into chunk_printf() in case of error
X-Git-Tag: v1.9-dev2~130
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f6333cacaec613bf373d8747035c4fde0405270;p=thirdparty%2Fhaproxy.git

BUG/MINOR: chunks: do not store -1 into chunk_printf() in case of error

Since commit 843b7cb ("MEDIUM: chunks: make the chunk struct's fields
match the buffer struct") a chunk length is unsigned so we can't reliably
store -1 and check for negative values in the caller. Only one such
location was found in proto_http's http-request auth rules (which cannot
realistically fail).

No backport is needed.
---

diff --git a/src/chunk.c b/src/chunk.c
index 56070e28ac..7e90ee6e2e 100644
--- a/src/chunk.c
+++ b/src/chunk.c
@@ -149,10 +149,9 @@ int chunk_printf(struct buffer *chk, const char *fmt, ...)
 	va_start(argp, fmt);
 	ret = vsnprintf(chk->area, chk->size, fmt, argp);
 	va_end(argp);
-	chk->data = ret;
 
 	if (ret >= chk->size)
-		ret = -1;
+		return -1;
 
 	chk->data = ret;
 	return chk->data;
diff --git a/src/proto_http.c b/src/proto_http.c
index 999c39ebfa..6a1722f39d 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3845,8 +3845,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit)
 	}
 
 	if (sess->fe->header_unique_id && s->unique_id) {
-		chunk_printf(&trash, "%s: %s", sess->fe->header_unique_id, s->unique_id);
-		if (trash.data < 0)
+		if (chunk_printf(&trash, "%s: %s", sess->fe->header_unique_id, s->unique_id) < 0)
 			goto return_bad_req;
 		if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.area, trash.data) < 0))
 		   goto return_bad_req;