Fix segmentation fault on -k parse (#218)

When an HTTPS or SSL-Bump port is configured without a cert=
parameter it results in a segmentation fault. Detect that
occurance and add the required FATAL error message instead for
these configurations where cert= is a parameter rather than an
option.

Our project terminology for config settings is;

 "parameter"
 -  a required setting. Print a FATAL error message if missing.

 "option"
 -  an optional setting. Ignored or default value if missing.

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 006a42d3a6750725f219f0ad7f7090ccf5b84549..a9959d6b923d127790f9a127c007254f092ccbd4 100644 (file)
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -3774,6 +3774,15 @@ parsePortCfg(AnyP::PortCfgPointer *head, const char *optionName)
         }
     }
 
+    if (s->secure.encryptTransport) {
+        if (s->secure.certs.empty()) {
+            debugs(3, DBG_CRITICAL, "FATAL: " << AnyP::UriScheme(s->transport.protocol) << "_port requires a cert= parameter");
+            self_destruct();
+            return;
+        }
+    }
+
+    // *_port line should now be fully valid so we can clone it if necessary
     if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && s->s.isAnyAddr()) {
         // clone the port options from *s to *(s->next)
         s->next = s->clone();