From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Wed, 12 May 2021 16:24:18 +0000 (+0200)
Subject: BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp... 
X-Git-Tag: v2.5-dev1~221
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2ca42b4656f60655a5295a66f321239faee2d9fe;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response

A memory allocation failure happening in tcp_parse_tcp_req or
tcp_parse_tcp_rep when trying to allocate an act_rule structure would
have resulted in a crash. These functions are only called during
configuration parsing.

It was raised in GitHub issue #1233.
It could be backported to all stable branches.
---

diff --git a/src/tcp_rules.c b/src/tcp_rules.c
index 2e1eac4ee5..edc287b56c 100644
--- a/src/tcp_rules.c
+++ b/src/tcp_rules.c
@@ -1055,6 +1055,10 @@ static int tcp_parse_tcp_rep(char **args, int section_type, struct proxy *curpx,
 	}
 
 	rule = calloc(1, sizeof(*rule));
+	if (!rule) {
+		memprintf(err, "parsing [%s:%d] : out of memory", file, line);
+		return -1;
+	}
 	LIST_INIT(&rule->list);
 	arg = 1;
 	where = 0;
@@ -1169,6 +1173,10 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
 	}
 
 	rule = calloc(1, sizeof(*rule));
+	if (!rule) {
+		memprintf(err, "parsing [%s:%d] : out of memory", file, line);
+		return -1;
+	}
 	LIST_INIT(&rule->list);
 	arg = 1;
 	where = 0;