From: Willy Tarreau <w@1wt.eu>
Date: Tue, 2 Sep 2025 15:41:51 +0000 (+0200)
Subject: BUILD: acl: silence a possible null deref warning in parse_acl_expr()
X-Git-Tag: v3.3-dev8~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4902195313f16eeca44507bfbc9e5b3b8016a61f;p=thirdparty%2Fhaproxy.git

BUILD: acl: silence a possible null deref warning in parse_acl_expr()

The fix in commit 441cd614f9 ("BUG/MINOR: acl: set arg_list->kw to
aclkw->kw string literal if aclkw is found") involves an unchecked
access to "al" after that one is tested for possibly being NULL. This
rightfully upsets Coverity (GH #3095) and might also trigger warnings
depending on the compilers. However, no known caller to date passes
a NULL arg list here so there's no way to trigger this theoretical
bug.

This should be backported along with the fix above to avoid emitting
warnings, possibly as far as 2.6 since that fix was tagged as such.
---

diff --git a/src/acl.c b/src/acl.c
index 73fdf7207..370d696c0 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -171,7 +171,9 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list *
 	if (aclkw) {
 		/* OK we have a real ACL keyword */
 
-		al->kw = aclkw->kw;
+		if (al)
+			al->kw = aclkw->kw;
+
 		/* build new sample expression for this ACL */
 		smp = calloc(1, sizeof(*smp));
 		if (!smp) {