MINOR: ssl: Add error if a crt-list might be truncated

Similar to the warning during the parsing of the regular configuration file
that was added in 2fd5bdb439, this patch adds
a warning to the parsing of a crt-list if the file does not end in a
newline (and thus might have been truncated).

The logic essentially just was copied over. It might be good to refactor
this in the future, allowing easy re-use within all line-based config
parsers.

see https://github.com/haproxy/haproxy/issues/860#issuecomment-693422936
see 0354b658f0

This should be backported as a warning to 2.2.
Tim Duesterhus 2020-09-29 18:00:28 +02:00 committed by William Lallemand
parent 6d07fae3c0
commit b9f6accc9e


@ -452,6 +452,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
struct stat buf;
int linenum = 0;
int cfgerr = 0;
int missing_lf = -1;
if ((f = fopen(file, "r")) == NULL) {
memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
@ -471,6 +472,14 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
char *crt_path;
struct ckch_store *ckchs;
if (missing_lf != -1) {
memprintf(err, "parsing [%s:%d]: Stray NUL character at position %d.\n",
file, linenum, (missing_lf + 1));
cfgerr |= ERR_ALERT | ERR_FATAL;
missing_lf = -1;
break;
}
linenum++;
end = line + strlen(line);
if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
@ -486,14 +495,22 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
if (*line == '#' || *line == '\n' || *line == '\r')
continue;
if (end > line && *(end-1) == '\n') {
/* kill trailing LF */
*(end - 1) = 0;
}
else {
/* mark this line as truncated */
missing_lf = end - line;
}
entry = crtlist_entry_new();
if (entry == NULL) {
memprintf(err, "Not enough memory!");
cfgerr |= ERR_ALERT | ERR_FATAL;
goto error;
}
if (*(end - 1) == '\n')
*(end - 1) = '\0'; /* line parser mustn't receive any \n */
cfgerr |= crtlist_parse_line(thisline, &crt_path, entry, file, linenum, err);
if (cfgerr & ERR_CODE)
goto error;
@ -587,6 +604,13 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
entry = NULL;
}
if (missing_lf != -1) {
memprintf(err, "parsing [%s:%d]: Missing LF on last line, file might have been truncated at position %d.\n",
file, linenum, (missing_lf + 1));
cfgerr |= ERR_ALERT | ERR_FATAL;
}
if (cfgerr & ERR_CODE)
goto error;
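Review bot: The missing-LF marking (`missing_lf = end - line;`) sits after the `if (*line == '#' || *line == '\n' || *line == '\r') continue;` test in the third hunk, so a final line that is a comment (or starts with `\r`) and lacks its newline is skipped before it can be flagged. A crt-list cut off inside a comment would then load without the error, and any certificate entries that followed the cut would be silently absent. Consider recording the condition ahead of the skip, e.g. `if (end == line || *(end-1) != '\n') missing_lf = end - line;`, and leaving only the `*(end - 1) = 0;` kill after it. Separately, the two new messages end in `.\n` while the other `memprintf()` strings visible here do not. The body of crtlist_parse_file starts and ends outside these hunks, and the +/- markers are lost on this page, so which lines are new is inferred from the hunk counts.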