From dd1b01d027bc3f71006d038942c81613b8872edc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
Date: Sun, 6 Dec 2009 13:43:42 +0100
Subject: [PATCH] [BUG] Configuration parser bug when escaping characters

Today I was testing headers manipulation but I met a bug with my first test.
To reproduce it, add for example this line :

    rspadd Cache-Control:\ max-age=1500

Check the response header, it will provide :

Cache-Control: max-age=15000 <= the last character is duplicated

This only happens when we use backslashes on the last line of the
configuration file, without returning to the line.

Also if the last line is like :
  rspadd Cache-Control:\ max-age=1500\

the last backslash causes a segfault.

This is not due to rspadd but to a more general bug in cfgparse.c :
...
if (skip) {
        memmove(line + 1, line + 1 + skip, end - (line + skip + 1));
        end -= skip;
}
...

should be :
...
if (skip) {
        memmove(line + 1, line + 1 + skip, end - (line + skip));
        end -= skip;
}
...

I've reproduced it with haproxy 1.3.22 and the last 1.4 snapshot.
---
 src/cfgparse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cfgparse.c b/src/cfgparse.c
index e74b7687a..4ab5e4bfb 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -3988,7 +3988,7 @@ int readcfgfile(const char *file)
 					}
 				}
 				if (skip) {
-					memmove(line + 1, line + 1 + skip, end - (line + skip + 1));
+					memmove(line + 1, line + 1 + skip, end - (line + skip));
 					end -= skip;
 				}
 				line++;