From 9af749b43edd19dc8e2c0145ca378b3893698bda Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Sun, 16 Feb 2020 10:46:37 +0100 Subject: [PATCH] BUG/MINOR: arg: fix again incorrect argument length check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recent commit 807aef8a14 ("BUG/MINOR: arg: report an error if an argument is larger than bufsize") aimed at fixing the argument length check but relied on the fact that the end of string was not reached, except that it forgot to consider the delimiters (comma and parenthesis) which are valid conditions to break out of the loop. This used to break simple expressions like "hdr(xff,1)". Thanks to Jérôme for reporting this. No backport is needed. --- src/arg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/arg.c b/src/arg.c index dffbb2efe..90742265c 100644 --- a/src/arg.c +++ b/src/arg.c @@ -214,7 +214,7 @@ int make_arg_list(const char *in, int len, uint64_t mask, struct arg **argp, trash.data = out - trash.area; } - if (len && *in) + if (len && *in && *in != ',' && *in != ')') goto buffer_err; trash.area[trash.data] = 0;