BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
author Aurelien DARRAGON <adarragon@haproxy.com>
Fri, 6 Sep 2024 14:21:02 +0000 (16:21 +0200)
committer Willy Tarreau <w@1wt.eu>
Mon, 9 Sep 2024 17:44:33 +0000 (19:44 +0200)
This is a complementary patch to a68affeaa ("BUG/MINOR: pattern: a sample
marked as const could be written"). Indeed the same logic from
pat_match_str() is used there, but we lack the check to ensure that the
sample is not const before writing data to it.

It could be backported to all stable versions.

(cherry picked from commit 3449525a0204841a62a9fa41119ec8c47f21fde8)
Signed-off-by: Willy Tarreau <w@1wt.eu>

src/pattern.c

index 90f386e..4b7540b 100644 (file)
@@ -651,11 +651,18 @@ struct pattern *pat_match_beg(struct sample *smp, struct pattern_expr *expr, int
 
                if (smp->data.u.str.data < smp->data.u.str.size) {
                        /* we may have to force a trailing zero on the test pattern and
-                        * the buffer is large enough to accommodate it.
+                        * the buffer is large enough to accommodate it. If the flag
+                        * CONST is set, duplicate the string
                         */
                        prev = smp->data.u.str.area[smp->data.u.str.data];
-                       if (prev)
-                               smp->data.u.str.area[smp->data.u.str.data] = '\0';
+                       if (prev) {
+                               if (smp->flags & SMP_F_CONST) {
+                                       if (!smp_dup(smp))
+                                               return NULL;
+                               } else {
+                                       smp->data.u.str.area[smp->data.u.str.data] = '\0';
+                               }
+                       }
                }
                else {
                        /* Otherwise, the sample is duplicated. A trailing zero
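Review bot: In the SMP_F_CONST branch under `if (prev)`, nothing writes the terminating zero once `smp_dup(smp)` succeeds, so the match that follows is only safe if smp_dup() itself leaves a NUL at `area[data]` of the copy. The updated comment says "duplicate the string" but does not state that dependency; please either spell it out in the comment or set the '\0' explicitly on the duplicated buffer. Two smaller points in the same block: `return NULL` on a failed dup looks identical to a plain non-match to the caller, which deserves a word in the comment, and `prev` is read from the original area and stays non-zero after the dup, so any later code keyed on `prev` will act on the duplicated buffer rather than the const one.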