From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Wed, 4 Jul 2018 10:30:12 +0000 (+0000)
Subject: Fix segmentation fault on -k parse (#218)
X-Git-Tag: SQUID_4_2~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=064512a31212e2142178a426b2431c20972ffea6;p=thirdparty%2Fsquid.git

Fix segmentation fault on -k parse (#218)

When an HTTPS or SSL-Bump port is configured without a cert=
parameter it results in a segmentation fault. Detect that
occurance and add the required FATAL error message instead for
these configurations where cert= is a parameter rather than an
option.

Our project terminology for config settings is;

 "parameter"
 -  a required setting. Print a FATAL error message if missing.

 "option"
 -  an optional setting. Ignored or default value if missing.
---

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 006a42d3a6..a9959d6b92 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -3774,6 +3774,15 @@ parsePortCfg(AnyP::PortCfgPointer *head, const char *optionName)
         }
     }
 
+    if (s->secure.encryptTransport) {
+        if (s->secure.certs.empty()) {
+            debugs(3, DBG_CRITICAL, "FATAL: " << AnyP::UriScheme(s->transport.protocol) << "_port requires a cert= parameter");
+            self_destruct();
+            return;
+        }
+    }
+
+    // *_port line should now be fully valid so we can clone it if necessary
     if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && s->s.isAnyAddr()) {
         // clone the port options from *s to *(s->next)
         s->next = s->clone();