Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 94e139e38f639f162e1897d25b2756519d6c0199
commit94e139e38f639f162e1897d25b2756519d6c0199[log] [tgz]
authorAmaury Denoyelle <adenoyelle@haproxy.com>Wed Feb 21 16:10:43 2024 +0100
committerChristopher Faulet <cfaulet@haproxy.com>Fri Mar 29 15:33:34 2024 +0100
treec055f7fc106d86b75c18b4204aadb41512cacf57
parentc13d9e1e1e925a24d5c2347076d359b514f24943 [diff]
BUG/MINOR: ist: allocate nul byte on istdup

istdup() is documented as having the same behavior as strdup(). However,
it may cause confusion as it allocates a block of input length, without
an extra byte for \0 delimiter. This behavior is incoherent as in case
of an empty string however a single \0 is allocated.

This API inconsistency could cause a bug anywhere an IST is used as a
C-string after istdup() invocation. Currently, the only found issue is
with 'wait' CLI command using 'srv-unused'. This causes a buffer
overflow due to ist0() invocation after istdup() for be_name and
sv_name.

Backport should be done to all stable releases. Even if no bug has been
found outside of wait CLI implementation, it ensures the code is more
consistent on every releases.

(cherry picked from commit de02167584606d02872e8f0918c882709bec6a80)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit e86b121b57ac74d97f974f8476ea431578a3d852)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed
tree: c055f7fc106d86b75c18b4204aadb41512cacf57
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. BSDmakefile
  19. CHANGELOG
  20. CONTRIBUTING
  21. INSTALL
  22. LICENSE
  23. MAINTAINERS
  24. Makefile
  25. README
  26. SUBVERS
  27. VERDATE
  28. VERSION