From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 15 Nov 2021 08:17:25 +0000 (+0100)
Subject: BUG/MINOR: stick-table/cli: Check for invalid ipv6 key
X-Git-Tag: v2.5-dev15~49
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7c962b0c0;p=thirdparty%2Fhaproxy.git

BUG/MINOR: stick-table/cli: Check for invalid ipv6 key

When an ipv6 key is used to filter a CLI command on a stick table
(clear/set/show table ...), the return value of inet_pton() call must be
checked to be sure the key is valid.

This patch should fix the issue #1163. It should be backported to all
supported versions.
---

diff --git a/src/stick_table.c b/src/stick_table.c
index ae22b8349b..331ee19a03 100644
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -4411,7 +4411,8 @@ static int table_process_entry_per_key(struct appctx *appctx, char **args)
 		static_table_key.key = &uint32_key;
 		break;
 	case SMP_T_IPV6:
-		inet_pton(AF_INET6, args[4], ip6_key);
+		if (inet_pton(AF_INET6, args[4], ip6_key) <= 0)
+			return cli_err(appctx, "Invalid key\n");
 		static_table_key.key = &ip6_key;
 		break;
 	case SMP_T_SINT: