From: Thierry Fournier <thierry.fournier@ozon.io>
Date: Tue, 10 Nov 2020 19:51:36 +0000 (+0100)
Subject: BUG/MINOR: pattern: a sample marked as const could be written
X-Git-Tag: v2.4-dev1~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a68affeaa;p=thirdparty%2Fhaproxy.git

BUG/MINOR: pattern: a sample marked as const could be written

The functions add final 0 to string if the final 0 is not set,
but don't check the flag CONST. This patch duplicates the strings
if the final zero is not set and the string is CONST.

Should be backported until 2.2 (at least)
---

diff --git a/src/pattern.c b/src/pattern.c
index 88e760cc05..e62d0d05f8 100644
--- a/src/pattern.c
+++ b/src/pattern.c
@@ -448,11 +448,18 @@ struct pattern *pat_match_str(struct sample *smp, struct pattern_expr *expr, int
 
 		if (smp->data.u.str.data < smp->data.u.str.size) {
 			/* we may have to force a trailing zero on the test pattern and
-			 * the buffer is large enough to accommodate it.
+			 * the buffer is large enough to accommodate it. If the flag
+			 * CONST is set, duplicate the string
 			 */
 			prev = smp->data.u.str.area[smp->data.u.str.data];
-			if (prev)
-				smp->data.u.str.area[smp->data.u.str.data] = '\0';
+			if (prev) {
+				if (smp->flags & SMP_F_CONST) {
+					if (!smp_dup(smp))
+						return NULL;
+				} else {
+					smp->data.u.str.area[smp->data.u.str.data] = '\0';
+				}
+			}
 		}
 		else {
 			/* Otherwise, the sample is duplicated. A trailing zero