From dfe32c7e15f1fd8d6df51b807cb2b825fd2f85a0 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Wed, 18 May 2022 16:22:43 +0200 Subject: [PATCH] BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() When the line parsing failed because outline buffer must be reallocated, if my_realloc2() call fails, the buffer size must be reset. Indeed, in this case the current line is skipped, a fatal error is reported and we jump to the next line. At this stage the outline buffer is NULL. If the buffer size is not reset, the next call to parse_line() crashes because we try to write in the buffer. We fail to detect the outline buffer is too small to copy any character. To fix the issue, outlinesize variable must be set to 0 when outline allocation failed. This patch should fix the issue #1563. It must be backported as far as 2.2. --- src/cfgparse.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cfgparse.c b/src/cfgparse.c index b1ec46f2f..2f886d92e 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -1862,6 +1862,7 @@ next_line: file, linenum); err_code |= ERR_ALERT | ERR_FATAL; fatal++; + outlinesize = 0; goto next_line; } /* try again */
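Review bot: the added `outlinesize = 0;` restores the invariant that the recorded size matches the (now NULL, per the commit message) `outline` pointer, which is what lets the next `parse_line()` call see the buffer as too small instead of writing through NULL; that invariant is not visible from the hunk itself, so add a short comment on the new line, e.g. `/* outline was freed by the failed my_realloc2(); keep size in sync */`, so a later edit does not drop it. It is also worth checking that every other path that assigns `outline` updates `outlinesize` in the same place, and that the crash from issue #1563 (realloc failure followed by a jump to `next_line`) is covered by a regression test, since the commit message asks for a backport as far as 2.2.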