Hello,

I added extra checks to fix #660

Cheers,
Ilya Shipitcin
From 814dd19d54dcaadf4de3a401206f6a7788ac68bd Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipits...@gmail.com>
Date: Sat, 27 Jun 2020 12:40:28 +0500
Subject: [PATCH] src/server.c: add extra guards when loading state file

this should fix #660
---
 src/server.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/server.c b/src/server.c
index 1fd29046e..714d0c517 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3252,6 +3252,7 @@ void apply_server_state(void)
 			/* free up memory in case of error during the processing of the line */
 			free(line);
 		}
+		fclose(f);
 	}
  out_load_server_state_in_tree:
 
@@ -3347,6 +3348,8 @@ void apply_server_state(void)
 					goto next;
 
 				st = container_of(node, struct state_line, name_name);
+				if (strlen(st->line) > SRV_STATE_LINE_MAXLEN)
+					goto next;
 				memcpy(mybuf, st->line, strlen(st->line));
 				mybuf[strlen(st->line)] = 0;
 
@@ -3362,7 +3365,7 @@ void apply_server_state(void)
 
 			continue; /* next proxy in list */
 		}
-		else {
+		else if (filepath) {
 			/* load 'local' state file */
 			errno = 0;
 			f = fopen(filepath, "r");
@@ -3434,9 +3437,9 @@ void apply_server_state(void)
 				/* now we can proceed with server's state update */
 				srv_update_state(srv, version, srv_params);
 			}
+			fileclose:
+				fclose(f);
 		}
-fileclose:
-		fclose(f);
 	}
 
 	/* now free memory allocated for the tree */
-- 
2.26.2

Reply via email to