see https://github.com/haproxy/haproxy/issues/860#issuecomment-693422936 see 0354b658f061d00d5ab4b728d7deeff2c8f1503a
This should be backported as a warning to 2.2. --- src/ssl_crtlist.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c index f1c15e051..c0987bc17 100644 --- a/src/ssl_crtlist.c +++ b/src/ssl_crtlist.c @@ -452,6 +452,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu struct stat buf; int linenum = 0; int cfgerr = 0; + int missing_lf = -1; if ((f = fopen(file, "r")) == NULL) { memprintf(err, "cannot open file '%s' : %s", file, strerror(errno)); @@ -471,6 +472,14 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu char *crt_path; struct ckch_store *ckchs; + if (missing_lf != -1) { + memprintf(err, "parsing [%s:%d]: Stray NUL character at position %d.\n", + file, linenum, (missing_lf + 1)); + cfgerr |= ERR_ALERT | ERR_FATAL; + missing_lf = -1; + break; + } + linenum++; end = line + strlen(line); if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') { @@ -486,14 +495,22 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu if (*line == '#' || *line == '\n' || *line == '\r') continue; + if (end > line && *(end-1) == '\n') { + /* kill trailing LF */ + *(end - 1) = 0; + } + else { + /* mark this line as truncated */ + missing_lf = end - line; + } + entry = crtlist_entry_new(); if (entry == NULL) { memprintf(err, "Not enough memory!"); cfgerr |= ERR_ALERT | ERR_FATAL; goto error; } - if (*(end - 1) == '\n') - *(end - 1) = '\0'; /* line parser mustn't receive any \n */ + cfgerr |= crtlist_parse_line(thisline, &crt_path, entry, file, linenum, err); if (cfgerr & ERR_CODE) goto error; @@ -587,6 +604,13 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu entry = NULL; } + + if (missing_lf != -1) { + memprintf(err, "parsing [%s:%d]: Missing LF on last line, file might have been truncated at position %d.\n", + file, linenum, (missing_lf + 1)); + cfgerr |= ERR_ALERT | ERR_FATAL; + } + if (cfgerr & ERR_CODE) goto error; -- 2.28.0