BUG/MINOR: cfgparse: abort earlier in case of allocation error
In issue #1563, Coverity reported a very interesting issue about a
possible UAF in the config parser if the config file ends in with a
very large line followed by an empty one and the large one causes an
allocation failure.
The issue essentially is that we try to go on with the next line in case
of allocation error, while there's no point doing so. If we failed to
allocate memory to read one config line, the same may happen on the next
one, and blatantly dropping it while trying to parse what follows it. In
the best case, subsequent errors will be incorrect due to this prior error
(e.g. a large ACL definition with many patterns, followed by a reference of
this ACL).
Let's just immediately abort in such a condition where there's no recovery
possible.
This may be backported to all versions once the issue is confirmed to be
addressed.
Thanks to Ilya for the report.
(cherry picked from commit 8ec9c81ac4fc70c32c6183b59d7bab9cbf1f5c5b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit dbcd9db858a8f5122a89b1fc06b93dfb6ab848f2)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 5215747..6d80bc3 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -2024,10 +2024,10 @@
if (outline == NULL) {
ha_alert("parsing [%s:%d]: line too long, cannot allocate memory.\n",
file, linenum);
- err_code |= ERR_ALERT | ERR_FATAL;
+ err_code |= ERR_ALERT | ERR_FATAL | ERR_ABORT;
fatal++;
outlinesize = 0;
- goto next_line;
+ goto err;
}
/* try again */
continue;