From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 21 May 2025 09:13:09 +0000 (+0200)
Subject: BUG/MEDIUM: acme: check if acme domains are configured
X-Git-Tag: v3.2-dev17~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=156f4bd7a65f8a25123f6aaf2fc29cd05ab1ec93;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: acme: check if acme domains are configured

When starting the ACME task with a ckch_conf which does not contain the
domains, the ACME task would segfault because it will try to dereference
a NULL in this case.

The patch fix the issue by emitting a warning when no domains are
configured. It's not done at configuration parsing because it is not
easy to emit the warning because there are is no callback system which
give access to the whole ckch_conf once a line is parsed.

No backport needed.
---

diff --git a/src/acme.c b/src/acme.c
index a1197f3b7..f983665c6 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -2266,6 +2266,11 @@ static int acme_start_task(struct ckch_store *store, char **errmsg)
 		goto err;
 	}
 
+	if (!store->conf.acme.domains) {
+		memprintf(errmsg, "No 'domains' were configured for certificate. ");
+		goto err;
+	}
+
 	cfg = get_acme_cfg(store->conf.acme.id);
 	if (!cfg) {
 		memprintf(errmsg, "No ACME configuration found for file '%s'.\n", store->path);