BUG/MEDIUM: cfgparse: segfault when userlist is misused

If the 'userlist' keyword parsing returns an error and no userlist were
previously created. The parsing of 'user' and 'group' leads to NULL
derefence.

The userlist pointer is now tested to prevent this issue.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 154802eeba1d86bebee5e74f77d6ebf929f47764..de88d841cfec17f380dcf892506e7f99bfda0e53 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6144,6 +6144,9 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
                        goto out;
                }
 
+               if (!userlist)
+                       goto out;
+
                for (ag = userlist->groups; ag; ag = ag->next)
                        if (!strcmp(ag->name, args[1])) {
                                Warning("parsing [%s:%d]: ignoring duplicated group '%s' in userlist '%s'.\n",
@@ -6194,6 +6197,8 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
                        err_code |= ERR_ALERT | ERR_FATAL;
                        goto out;
                }
+               if (!userlist)
+                       goto out;
 
                for (newuser = userlist->users; newuser; newuser = newuser->next)
                        if (!strcmp(newuser->user, args[1])) {