From accd41bbd5fea9455a29ddf505597dde37932392 Mon Sep 17 00:00:00 2001
From: Pavel Pautov <p.pautov@f5.com>
Date: Thu, 21 Nov 2024 13:57:43 -0800
Subject: [PATCH] Fail early if "trusted_certificate" is a directory.

Previously, the error was caused by enormous std::string allocation.
---
 src/http_module.cpp | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/http_module.cpp b/src/http_module.cpp
index df5702e..bc08b23 100644
--- a/src/http_module.cpp
+++ b/src/http_module.cpp
@@ -711,7 +711,8 @@ char* addResourceAttr(ngx_conf_t* cf, ngx_command_t* cmd, void* conf)
     return NGX_CONF_OK;
 }
 
-char* setTrustedCertificate(ngx_conf_t* cf, ngx_command_t* cmd, void* conf) {
+char* setTrustedCertificate(ngx_conf_t* cf, ngx_command_t* cmd, void* conf)
+{
     auto path = ((ngx_str_t*)cf->args->elts)[1];
     auto mcf = getMainConf(cf);
 
@@ -727,11 +728,13 @@ char* setTrustedCertificate(ngx_conf_t* cf, ngx_command_t* cmd, void* conf) {
             return (char*)NGX_CONF_ERROR;
         }
         file.exceptions(std::ios::failbit | std::ios::badbit);
-        file.seekg(0, std::ios::end);
-        size_t size = file.tellg();
-        mcf->trustedCert.resize(size);
+        file.peek(); // trigger early error for dirs
+
+        size_t size = file.seekg(0, std::ios::end).tellg();
         file.seekg(0);
-        file.read(&mcf->trustedCert[0], mcf->trustedCert.size());
+
+        mcf->trustedCert.resize(size);
+        file.read(&mcf->trustedCert[0], size);
     } catch (const std::exception& e) {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
             "failed to read \"%V\": %s", &path, e.what());