From: Willy Tarreau <w@1wt.eu>
Date: Sun, 16 Feb 2020 09:46:37 +0000 (+0100)
Subject: BUG/MINOR: arg: fix again incorrect argument length check
X-Git-Tag: v2.2-dev3~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9af749b43edd19dc8e2c0145ca378b3893698bda;p=thirdparty%2Fhaproxy.git

BUG/MINOR: arg: fix again incorrect argument length check

Recent commit 807aef8a14 ("BUG/MINOR: arg: report an error if an argument
is larger than bufsize") aimed at fixing the argument length check but
relied on the fact that the end of string was not reached, except that
it forgot to consider the delimiters (comma and parenthesis) which are
valid conditions to break out of the loop. This used to break simple
expressions like "hdr(xff,1)". Thanks to Jérôme for reporting this.

No backport is needed.
---

diff --git a/src/arg.c b/src/arg.c
index dffbb2efe9..90742265cc 100644
--- a/src/arg.c
+++ b/src/arg.c
@@ -214,7 +214,7 @@ int make_arg_list(const char *in, int len, uint64_t mask, struct arg **argp,
 			trash.data = out - trash.area;
 		}
 
-		if (len && *in)
+		if (len && *in && *in != ',' && *in != ')')
 			goto buffer_err;
 
 		trash.area[trash.data] = 0;