BUG/MINOR: sample: Always consider zero size string samples as unsafe
smp_is_safe() function is used to be sure a sample may be safely
modified. For string samples, a test is performed to verify if there is a
null-terminated byte. If not, one is added, if possible. It means if the
sample is not const and if there is some free space in the buffer, after
data. However, we must not try to read the null-terminated byte if the
string sample is too long (data >= size) or if the size is equal to
zero. This last test was not performed. Thus it was possible to consider a
string sample as safe by testing a byte outside the buffer.
Now, a zero size string sample is always considered as unsafe and is
duplicated when smp_make_safe() is called.
This patch must be backported in all stable versions.
(cherry picked from commit 8dd40fbde9d51cf7bf0ee622a5bc5c1f56048d84)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit f07249871c4e1f710322655bb0ff8bb089207283)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 01f6efed6ba55ff45b51829ad229a9e38be8ecab)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit c2f7d7d8f3e06fd21de3f5b208c8fe35636e9ba8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed