see https://github.com/haproxy/haproxy/issues/860#issuecomment-693422936
see 0354b658f061d00d5ab4b728d7deeff2c8f1503a

This should be backported as a warning to 2.2.
---
 src/ssl_crtlist.c | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index f1c15e051..c0987bc17 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -452,6 +452,7 @@ int crtlist_parse_file(char *file, struct bind_conf 
*bind_conf, struct proxy *cu
        struct stat buf;
        int linenum = 0;
        int cfgerr = 0;
+       int missing_lf = -1;
 
        if ((f = fopen(file, "r")) == NULL) {
                memprintf(err, "cannot open file '%s' : %s", file, 
strerror(errno));
@@ -471,6 +472,14 @@ int crtlist_parse_file(char *file, struct bind_conf 
*bind_conf, struct proxy *cu
                char *crt_path;
                struct ckch_store *ckchs;
 
+               if (missing_lf != -1) {
+                       memprintf(err, "parsing [%s:%d]: Stray NUL character at 
position %d.\n",
+                                 file, linenum, (missing_lf + 1));
+                       cfgerr |= ERR_ALERT | ERR_FATAL;
+                       missing_lf = -1;
+                       break;
+               }
+
                linenum++;
                end = line + strlen(line);
                if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
@@ -486,14 +495,22 @@ int crtlist_parse_file(char *file, struct bind_conf 
*bind_conf, struct proxy *cu
                if (*line == '#' || *line == '\n' || *line == '\r')
                        continue;
 
+               if (end > line && *(end-1) == '\n') {
+                       /* kill trailing LF */
+                       *(end - 1) = 0;
+               }
+               else {
+                       /* mark this line as truncated */
+                       missing_lf = end - line;
+               }
+
                entry = crtlist_entry_new();
                if (entry == NULL) {
                        memprintf(err, "Not enough memory!");
                        cfgerr |= ERR_ALERT | ERR_FATAL;
                        goto error;
                }
-               if (*(end - 1) == '\n')
-                       *(end - 1) = '\0'; /* line parser mustn't receive any 
\n */
+
                cfgerr |= crtlist_parse_line(thisline, &crt_path, entry, file, 
linenum, err);
                if (cfgerr & ERR_CODE)
                        goto error;
@@ -587,6 +604,13 @@ int crtlist_parse_file(char *file, struct bind_conf 
*bind_conf, struct proxy *cu
 
                entry = NULL;
        }
+
+       if (missing_lf != -1) {
+               memprintf(err, "parsing [%s:%d]: Missing LF on last line, file 
might have been truncated at position %d.\n",
+                         file, linenum, (missing_lf + 1));
+               cfgerr |= ERR_ALERT | ERR_FATAL;
+       }
+
        if (cfgerr & ERR_CODE)
                goto error;
 
-- 
2.28.0


Reply via email to