[BUG] acl-related keywords are not allowed in defaults sections

Using an ACL-related keyword in the defaults section causes a
segfault during parsing because the list headers are not initialized.
We must initialize list headers for default instance and reject
keywords relying on ACLs.
(cherry picked from commit 1c90a6ec20946a713e9c93995a8e91ed3eeb9da4)
(cherry picked from commit eb8131b4e418b838b2d62d991d91d94482ba49de)

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 893557ad17fa5ba4c2771177bc5680cdebcf4047..a5f49acb8355fa1c146e7d4d714e6ce4eecc6fff 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -538,6 +538,13 @@ static void init_default_instance()
        defproxy.maxconn = cfg_maxpconn;
        defproxy.conn_retries = CONN_RETRIES;
        defproxy.logfac1 = defproxy.logfac2 = -1; /* log disabled */
+
+       LIST_INIT(&defproxy.pendconns);
+       LIST_INIT(&defproxy.acl);
+       LIST_INIT(&defproxy.block_cond);
+       LIST_INIT(&defproxy.mon_fail_cond);
+       LIST_INIT(&defproxy.switching_rules);
+
        proxy_reset_timeouts(&defproxy);
 }
 
@@ -864,6 +871,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                curproxy->state = PR_STNEW;
        }
        else if (!strcmp(args[0], "acl")) {  /* add an ACL */
+               if (curproxy == &defproxy) {
+                       Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+                       return -1;
+               }
+
                err = invalid_char(args[1]);
                if (err) {
                        Alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n",
@@ -1074,6 +1086,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                int pol = ACL_COND_NONE;
                struct acl_cond *cond;
 
+               if (curproxy == &defproxy) {
+                       Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+                       return -1;
+               }
+
                if (!strcmp(args[1], "if"))
                        pol = ACL_COND_IF;
                else if (!strcmp(args[1], "unless"))
@@ -1191,6 +1208,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                struct acl_cond *cond;
                struct switching_rule *rule;
 
+               if (curproxy == &defproxy) {
+                       Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+                       return -1;
+               }
+
                if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
                        return 0;
 
@@ -1496,6 +1518,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                }
        }
        else if (!strcmp(args[0], "monitor")) {
+               if (curproxy == &defproxy) {
+                       Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+                       return -1;
+               }
+
                if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
                        return 0;