From: David Carlier <dcarlier@deviceatlas.com>
Date: Sat, 14 Feb 2026 13:23:58 +0000 (+0000)
Subject: BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7098b4f93a4ffcd170d94adcd32e3a082538db17;p=thirdparty%2Fhaproxy.git

BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv()

The user-agent string copy had an off-by-one error: the buffer size
limit did not account for the null terminator, and the memcpy length
used i-1 which truncated the last character of the user-agent string.

This should be backported to lower branches.
---

diff --git a/addons/deviceatlas/da.c b/addons/deviceatlas/da.c
index d40041a6a..3532c5541 100644
--- a/addons/deviceatlas/da.c
+++ b/addons/deviceatlas/da.c
@@ -393,8 +393,7 @@ static int da_haproxy_conv(const struct arg *args, struct sample *smp, void *pri
 {
 	da_deviceinfo_t devinfo;
 	da_status_t status;
-	const char *useragent;
-	char useragentbuf[1024] = { 0 };
+	char useragentbuf[1024];
 	int i;
 
 	if (global_deviceatlas.daset == 0 || smp->data.u.str.data == 0) {
@@ -403,14 +402,12 @@ static int da_haproxy_conv(const struct arg *args, struct sample *smp, void *pri
 
 	da_haproxy_checkinst();
 
-	i = smp->data.u.str.data > sizeof(useragentbuf) ? sizeof(useragentbuf) : smp->data.u.str.data;
-	memcpy(useragentbuf, smp->data.u.str.area, i - 1);
-	useragentbuf[i - 1] = 0;
-
-	useragent = (const char *)useragentbuf;
+	i = smp->data.u.str.data > sizeof(useragentbuf) - 1 ? sizeof(useragentbuf) - 1 : smp->data.u.str.data;
+	memcpy(useragentbuf, smp->data.u.str.area, i);
+	useragentbuf[i] = 0;
 
 	status = da_search(&global_deviceatlas.atlas, &devinfo,
-		global_deviceatlas.useragentid, useragent, 0);
+		global_deviceatlas.useragentid, useragentbuf, 0);
 
 	return status != DA_OK ? 0 : da_haproxy(args, smp, &devinfo);
 }