BUG/MINOR: ist: allocate nul byte on istdup
istdup() is documented as having the same behavior as strdup(). However,
it may cause confusion as it allocates a block of input length, without
an extra byte for \0 delimiter. This behavior is incoherent as in case
of an empty string however a single \0 is allocated.
This API inconsistency could cause a bug anywhere an IST is used as a
C-string after istdup() invocation. Currently, the only found issue is
with 'wait' CLI command using 'srv-unused'. This causes a buffer
overflow due to ist0() invocation after istdup() for be_name and
sv_name.
Backport should be done to all stable releases. Even if no bug has been
found outside of wait CLI implementation, it ensures the code is more
consistent on every releases.
(cherry picked from commit de02167584606d02872e8f0918c882709bec6a80)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit e86b121b57ac74d97f974f8476ea431578a3d852)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 94e139e38f639f162e1897d25b2756519d6c0199)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit e539095c7f15b5ae29e533a8a28ab70dd201b36f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 5c1641c7d28f39096a97a974fee5d1ad4eed8925)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/include/import/ist.h b/include/import/ist.h
index 31566b1..a63d95e 100644
--- a/include/import/ist.h
+++ b/include/import/ist.h
@@ -938,16 +938,13 @@
*/
static inline struct ist istdup(const struct ist src)
{
- const size_t src_size = src.len;
-
- /* Allocate at least 1 byte to allow duplicating an empty string with
- * malloc implementations that return NULL for a 0-size allocation.
- */
- struct ist dst = istalloc(src_size ? src_size : 1);
+ /* Allocate 1 extra byte to add an extra \0 delimiter. */
+ struct ist dst = istalloc(src.len + 1);
if (isttest(dst)) {
- istcpy(&dst, src, src_size);
+ istcpy(&dst, src, src.len);
}
+ dst.ptr[dst.len] = '\0';
return dst;
}