BUG/MINOR: cfgparse: Check if tune.http.maxhdr is in the range 1..32767 We cannot store more than 32K headers in the structure hdr_idx, because internaly we use signed short integers. To avoid any bugs (due to an integers overflow), a check has been added on tune.http.maxhdr to be sure to not set a value greater than 32767 and lower than 1 (because this is a nonsense to set this parameter to a value <= 0). The documentation has been updated accordingly. This patch can be backported in 1.7, 1.6 and 1.5.

commit: 50174f36003141297a4824dd0b98a2f0e6d4997d [log] [tgz]
author: Christopher Faulet <cfaulet@haproxy.com> Wed Jun 21 16:31:35 2017 +0200
committer: Willy Tarreau <w@1wt.eu> Wed Jun 21 17:18:59 2017 +0200
tree: b090525a38c2024d36ee2fa4212afb6415aa51fb
parent: 5d6e5f86c51cef6c22c6aeacc6b0e528f8fe58e9 [diff] [blame]
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 261a0eb..3706bca 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c

@@ -916,7 +916,13 @@
 			err_code |= ERR_ALERT | ERR_FATAL;
 			goto out;
 		}
-		global.tune.max_http_hdr = atol(args[1]);
+		global.tune.max_http_hdr = atoi(args[1]);
+		if (global.tune.max_http_hdr < 1 || global.tune.max_http_hdr > 32767) {
+			Alert("parsing [%s:%d] : '%s' expects a numeric value between 1 and 32767\n",
+			      file, linenum, args[0]);
+			err_code |= ERR_ALERT | ERR_FATAL;
+			goto out;
+		}
 	}
 	else if (!strcmp(args[0], "tune.comp.maxlevel")) {
 		if (alertif_too_many_args(1, file, linenum, args, &err_code))
commit	50174f36003141297a4824dd0b98a2f0e6d4997d	[log] [tgz]
author	Christopher Faulet <cfaulet@haproxy.com>	Wed Jun 21 16:31:35 2017 +0200
committer	Willy Tarreau <w@1wt.eu>	Wed Jun 21 17:18:59 2017 +0200
tree	b090525a38c2024d36ee2fa4212afb6415aa51fb
parent	5d6e5f86c51cef6c22c6aeacc6b0e528f8fe58e9 [diff] [blame]