When a config directive is provided with a malformed argument (e.g.
`loglevel="1`), then the call to get_word() returns NULL and `wordbuf`
is left unchanged aka still contains the directive name. Unlike the
previous calls to get_word(), the return value is not checked here, and
processing continues with `args` pointing to the still unchanged
`wordbuf`. So `loglevel="1` is effectively parsed as
`loglevel=loglevel`.
Instead if no valid argument is found, ignore the directive and log a
warning.
Due to the way get_word() is implemented, this unfortunately will report
an empty argument (e.g. `loglevel=`) as malformed as well. Ideally that
should behave the same as `loglevel=""`, but I found no nice way to
achieve that. An empty argument is only useful in rare cases, so
treating it as malformed should be fine for now. That's still way better
than the previous broken "name as value" behaviour.
Fixes: e88384d9d5a1 ("added new generic get_word() function to do better parsing")
Signed-off-by: Corubba Smith <corubba@xxxxxx>
---
src/conffile.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/conffile.c b/src/conffile.c
index 96eff69..7b9fb0f 100644
--- a/src/conffile.c
+++ b/src/conffile.c
@@ -198,6 +198,12 @@ int config_parse_file(const char *section, struct config_keyset *kset)
}
wordend = get_word(wordend, " =\t\n\r", (char *) &wordbuf);
+ if (wordend == NULL) {
+ ulogd_log(ULOGD_NOTICE,
+ "ignoring malformed config directive \"%s\" on line %d\n",
+ ce->key, linenum);
+ break;
+ }
args = (char *)&wordbuf;
if (ce->hit && !(ce->options & CONFIG_OPT_MULTI))
--
2.48.1
