From c7564c19a2e4ce495b934c077c7a08e9bdb89d08 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Mon, 23 Mar 2026 14:15:04 +0100
Subject: [PATCH] BUG/MINOR: acme: replace atol with len-bounded __strl2uic()
 for retry-after

Replace atol() by _strl2uic() in cases the input are ISTs when parsing
the retry-after header. There's no risk of an error since it will stop
at the first non-digit.

Must be backported to 3.2 and later.
---
 src/acme.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/acme.c b/src/acme.c
index c0256afff..501cba55a 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -15,6 +15,7 @@
 #include <haproxy/acme-t.h>
 
 #include <haproxy/base64.h>
+#include <haproxy/intops.h>
 #include <haproxy/cfgparse.h>
 #include <haproxy/cli.h>
 #include <haproxy/errors.h>
@@ -1187,7 +1188,7 @@ int acme_res_certificate(struct task *task, struct acme_ctx *ctx, char **errmsg)
 		}
 		/* get the next retry timing */
 		if (isteqi(hdr->n, ist("Retry-After"))) {
-			ctx->retryafter = atol(hdr->v.ptr);
+			ctx->retryafter = __strl2uic(hdr->v.ptr, hdr->v.len);
 		}
 	}
 
@@ -1260,7 +1261,7 @@ int acme_res_chkorder(struct task *task, struct acme_ctx *ctx, char **errmsg)
 		}
 		/* get the next retry timing */
 		if (isteqi(hdr->n, ist("Retry-After"))) {
-			ctx->retryafter = atol(hdr->v.ptr);
+			ctx->retryafter = __strl2uic(hdr->v.ptr, hdr->v.len);
 		}
 	}
 
@@ -1390,7 +1391,7 @@ int acme_res_finalize(struct task *task, struct acme_ctx *ctx, char **errmsg)
 		}
 		/* get the next retry timing */
 		if (isteqi(hdr->n, ist("Retry-After"))) {
-			ctx->retryafter = atol(hdr->v.ptr);
+			ctx->retryafter = __strl2uic(hdr->v.ptr, hdr->v.len);
 		}
 	}
 
@@ -1491,7 +1492,7 @@ enum acme_ret acme_res_challenge(struct task *task, struct acme_ctx *ctx, struct
 		}
 		/* get the next retry timing */
 		if (isteqi(hdr->n, ist("Retry-After"))) {
-			ctx->retryafter = atol(hdr->v.ptr);
+			ctx->retryafter = __strl2uic(hdr->v.ptr, hdr->v.len);
 		}
 	}
 
@@ -1617,7 +1618,7 @@ int acme_res_auth(struct task *task, struct acme_ctx *ctx, struct acme_auth *aut
 		}
 		/* get the next retry timing */
 		if (isteqi(hdr->n, ist("Retry-After"))) {
-			ctx->retryafter = atol(hdr->v.ptr);
+			ctx->retryafter = __strl2uic(hdr->v.ptr, hdr->v.len);
 		}
 
 	}
@@ -1848,7 +1849,7 @@ int acme_res_neworder(struct task *task, struct acme_ctx *ctx, char **errmsg)
 		}
 		/* get the next retry timing */
 		if (isteqi(hdr->n, ist("Retry-After"))) {
-			ctx->retryafter = atol(hdr->v.ptr);
+			ctx->retryafter = __strl2uic(hdr->v.ptr, hdr->v.len);
 		}
 		/* get the order URL */
 		if (isteqi(hdr->n, ist("Location"))) {
@@ -2008,7 +2009,7 @@ int acme_res_account(struct task *task, struct acme_ctx *ctx, int newaccount, ch
 		}
 		/* get the next retry timing */
 		if (isteqi(hdr->n, ist("Retry-After"))) {
-			ctx->retryafter = atol(hdr->v.ptr);
+			ctx->retryafter = __strl2uic(hdr->v.ptr, hdr->v.len);
 		}
 		if (isteqi(hdr->n, ist("Replay-Nonce"))) {
 			istfree(&ctx->nonce);