BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"

The "feature" predicate takes an argument name. Not passing one will
cause strstr() to always find something, including at the end of the
string, and to read past the end, which ASAN detects. We need to check
that we didn't reach the end before proceeding.

This bug was reported by OSS Fuzz here:
   https://issues.oss-fuzz.com/issues/499133314

The issue is present since 2.4 with commit 58ca706e16 ("MINOR: config:
add predicate "feature" to detect certain built-in features") so this
fix must be backported to all stable versions.
This commit is contained in:
Willy Tarreau 2026-04-03 09:17:35 +02:00
parent f9ba750fd9
commit efb1ab57be

@ -232,7 +232,7 @@ int cfg_eval_cond_term(const struct cfg_cond_term *term, char **err)
const char *p;
ret = 0; // assume feature not found
for (p = build_features; (p = strstr(p, term->args[0].data.str.area)); p++) {
for (p = build_features; *p && (p = strstr(p, term->args[0].data.str.area)); p++) {
if (p > build_features &&
(p[term->args[0].data.str.data] == ' ' ||
p[term->args[0].data.str.data] == 0)) {
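
Review bot: The added `*p &&` test in the for condition stops the over-read, but an empty "feature" argument still enters the loop instead of being rejected. strstr() with an empty needle returns p at every position, so the loop walks build_features one byte at a time, and with a length of 0 the boundary test `p[term->args[0].data.str.data] == ' '` holds at every space past the start of the string. Since the function already takes `char **err`, consider testing `term->args[0].data.str.data == 0` before the loop and reporting the missing argument through err, which would match the "fail cleanly" wording of the subject. A short comment on the `*p` test noting that it guards against an empty needle would also help anyone backporting this.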