Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 326a8660ace201edb4d38abdae3141d1e652af93^! / . / src / cfgparse-ssl.c
commit326a8660ace201edb4d38abdae3141d1e652af93[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Mon May 09 10:31:28 2022 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Fri May 13 13:49:15 2022 +0200
tree59b6e5396858881b2d5c468de31e1d74efb1a441
parentfbf2857db1e8cb8c25af55948d3fa65a8c2debb2 [diff] [blame]
BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation

As was first reported by Ilya in issue #1513, Gcc 12 incorrectly reports
a possible overflow from the concatenation of two strings whose size was
previously checked to fit:

  src/ssl_crtlist.c: In function 'crtlist_parse_file':
  src/ssl_crtlist.c:545:58: error: '%s' directive output may be truncated writing up to 4095 bytes into a region of size between 1 and 4096 [-Werror=format-truncation=]
    545 |                         snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, crt_path);
        |                                                          ^~
  src/ssl_crtlist.c:545:25: note: 'snprintf' output between 2 and 8192 bytes into a destination of size 4097
    545 |                         snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, crt_path);
        |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It would be a bit concerning to disable -Wformat-truncation because it
might detect real programming mistakes at other places. The solution
adopted in this patch is absolutely ugly and error-prone, but it works,
it consists in integrating the snprintf() call in the error condition
and to test the result again. Let's hope a smarter compiler will not
warn that this test is absurd since guaranteed by the first condition...

This may have to be backported for those suffering from a compiler upgrade.

(cherry picked from commit 393e42ae5f8080f8637de505a86c987773d29a12)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 56b89eb1434408658398471516b968cb4d1298bf)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 44cad4b..654b020 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c

@@ -651,11 +651,11 @@
 	}
 
 	if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
-		if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
+		if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > sizeof(path) ||
+		    snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, args[cur_arg + 1]) > sizeof(path)) {
 			memprintf(err, "'%s' : path too long", args[cur_arg]);
 			return ERR_ALERT | ERR_FATAL;
 		}
-		snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, args[cur_arg + 1]);
 		return ssl_sock_load_cert(path, conf, err);
 	}