From: Willy Tarreau Date: Wed, 22 Aug 2018 03:08:57 +0000 (+0200) Subject: BUG/MEDIUM: http: don't store url_decode() result in the samples's length X-Git-Tag: v1.9-dev2~128 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c768fdca19b292c17099928e1efdf40bf53fc6e;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: http: don't store url_decode() result in the samples's length By convenience or laziness we used to store url_decode()'s return code into smp->data.u.str.data. The result checks applied there compare it to 0 while it's now unsigned since commit 843b7cb ("MEDIUM: chunks: make the chunk struct's fields match the buffer struct "). Let's clean this up and test the result itself without storing it first. No backport is needed. --- diff --git a/src/proto_http.c b/src/proto_http.c index 2605c770e6..a7a8dadd67 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -11827,6 +11827,8 @@ expect_comma: /* This fetch url-decode any input string. */ static int sample_conv_url_dec(const struct arg *args, struct sample *smp, void *private) { + int len; + /* If the constant flag is set or if not size is avalaible at * the end of the buffer, copy the string in other buffer * before decoding. @@ -11841,8 +11843,11 @@ static int sample_conv_url_dec(const struct arg *args, struct sample *smp, void /* Add final \0 required by url_decode(), and convert the input string. */ smp->data.u.str.area[smp->data.u.str.data] = '\0'; - smp->data.u.str.data = url_decode(smp->data.u.str.area); - return (smp->data.u.str.data >= 0); + len = url_decode(smp->data.u.str.area); + if (len < 0) + return 0; + smp->data.u.str.data = len; + return 1; } static int smp_conv_req_capture(const struct arg *args, struct sample *smp, void *private)