[BUG] Fix NULL pointer dereference in stats_check_uri_auth(), v2
Recent "struct chunk rework" introduced a NULL pointer dereference
and now haproxy segfaults if auth is required for stats but not found.
The reason is that size_t cannot store negative values, but current
code assumes that "len < 0" == uninitialized.
This patch fixes it.
diff --git a/include/proto/buffers.h b/include/proto/buffers.h
index cec7b02..e061b2c 100644
--- a/include/proto/buffers.h
+++ b/include/proto/buffers.h
@@ -439,9 +439,9 @@
}
/* report 0 in case of error, 1 if OK. */
-static inline int chunk_initlen(struct chunk *chk, char *str, size_t size, size_t len) {
+static inline int chunk_initlen(struct chunk *chk, char *str, size_t size, int len) {
- if (len > size)
+ if (size && len > size)
return 0;
chk->str = str;
diff --git a/include/types/buffers.h b/include/types/buffers.h
index 133285f..fc070bd 100644
--- a/include/types/buffers.h
+++ b/include/types/buffers.h
@@ -149,7 +149,7 @@
struct chunk {
char *str; /* beginning of the string itself. Might not be 0-terminated */
size_t size; /* total size of the buffer, 0 if the *str is read-only */
- size_t len; /* current size of the string from first to last char. <0 = uninit. */
+ int len; /* current size of the string from first to last char. <0 = uninit. */
};
/* needed for a declaration below */
diff --git a/src/proto_http.c b/src/proto_http.c
index 4638d09..8698594 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -4596,8 +4596,7 @@
int len = txn->hdr_idx.v[cur_idx].len;
if (len > 14 &&
!strncasecmp("Authorization:", h, 14)) {
- txn->auth_hdr.str = h;
- txn->auth_hdr.len = len;
+ chunk_initlen(&txn->auth_hdr, h, 0, len);
break;
}
h += len + txn->hdr_idx.v[cur_idx].cr + 1;