From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 17 Apr 2024 18:28:36 +0000 (+0200)
Subject: BUG/MINOR: ssl: check on forbidden character on wrong value
X-Git-Tag: v3.0-dev8~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff4a0f656211499e1098a5bdd03e65034c14c0b9;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: check on forbidden character on wrong value

The check on the forbidden '/' for the crt-store load keyword was done
on the keyword instead of the value itself.

No backport needed.
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index fea0b9631b..81752e1910 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -4086,7 +4086,7 @@ static int crtstore_parse_load(char **args, int section_type, struct proxy *curp
 				if (strcmp("alias", args[cur_arg]) == 0) {
 					int rv;
 
-					if (*args[cur_arg] == '/') {
+					if (*args[cur_arg + 1] == '/') {
 						memprintf(err, "parsing [%s:%d] : cannot parse '%s' value '%s', '/' is forbidden as the first character.\n",
 						          file, linenum, args[cur_arg], args[cur_arg + 1]);
 						err_code |= ERR_ALERT | ERR_FATAL;