From: Aurelien DARRAGON <adarragon@haproxy.com>
Date: Mon, 28 Aug 2023 11:57:19 +0000 (+0200)
Subject: BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
X-Git-Tag: v2.9-dev10~141
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6826b957053e47932ed0560a9a562d707f7dedf;p=thirdparty%2Fhaproxy.git

BUG/MINOR: stick-table/cli: Check for invalid ipv4 key

When an ipv4 key is used to filter a CLI command on a stick table
clear/set/show table ...), inetaddr_host+htonl combination was used
with no error checking.

Instead, we now use inet_pton(), which is what we use for ipv6 addresses
since b7c962b0c0 ("BUG/MINOR: stick-table/cli: Check for invalid ipv6 key")

Doing this allows us to easily check for parsing errors: we're trading off
some parsing efficience to better catch input errors and ensure we get
similar behavior between ipv4 and ipv6 addresses handling.

This patch may be backported to all supported versions.
---

diff --git a/src/stick_table.c b/src/stick_table.c
index d42cd8f6a7..905310fc6a 100644
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -4903,7 +4903,8 @@ static int table_process_entry_per_key(struct appctx *appctx, char **args)
 
 	switch (t->type) {
 	case SMP_T_IPV4:
-		uint32_key = htonl(inetaddr_host(args[4]));
+		if (inet_pton(AF_INET, args[4], &uint32_key) <= 0)
+			return cli_err(appctx, "Invalid key\n");
 		static_table_key.key = &uint32_key;
 		break;
 	case SMP_T_IPV6: