From: Willy Tarreau <w@1wt.eu>
Date: Mon, 25 Apr 2022 08:25:15 +0000 (+0200)
Subject: BUG/MINOR: http-act: make release_http_redir() more robust
X-Git-Tag: v2.6-dev8~87
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=16daaf319c287b02e8e60e4616685427c33f2a06;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http-act: make release_http_redir() more robust

Since commit dd7e6c6dc ("BUG/MINOR: http-rules: completely free incorrect
TCP rules on error") free_act_rule() is called on some error paths, and one
of them involves incomplete redirect rules that may cause a crash if the
rule wasn't yet initialized, as shown in this config snippet:

   frontend ft
      mode http
      bind *:8001
      http-request redirect location /%[always_false,sdbm]

Let's simply make release_http_redir() more robust against null redirect
rules.

No backport needed since it seems that the only way to trigger this was
the extra check above that was merged during 2.6-dev.
---

diff --git a/src/http_act.c b/src/http_act.c
index 97d0024fe0..95f6fdebea 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -1760,6 +1760,9 @@ static void release_http_redir(struct act_rule *rule)
 	struct redirect_rule *redir;
 
 	redir = rule->arg.redir;
+	if (!redir)
+		return;
+
 	LIST_DELETE(&redir->list);
 	if (redir->cond) {
 		prune_acl_cond(redir->cond);