From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 28 May 2015 16:03:51 +0000 (+0200)
Subject: BUG/MEDIUM: cfgparse: segfault when userlist is misused
X-Git-Tag: v1.6-dev2~70
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ac9f546120d42be8147e3d90588e7b9738af0cc;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: cfgparse: segfault when userlist is misused

If the 'userlist' keyword parsing returns an error and no userlist were
previously created. The parsing of 'user' and 'group' leads to NULL
derefence.

The userlist pointer is now tested to prevent this issue.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 154802eeba..de88d841cf 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6144,6 +6144,9 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
 			goto out;
 		}
 
+		if (!userlist)
+			goto out;
+
 		for (ag = userlist->groups; ag; ag = ag->next)
 			if (!strcmp(ag->name, args[1])) {
 				Warning("parsing [%s:%d]: ignoring duplicated group '%s' in userlist '%s'.\n",
@@ -6194,6 +6197,8 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
 			err_code |= ERR_ALERT | ERR_FATAL;
 			goto out;
 		}
+		if (!userlist)
+			goto out;
 
 		for (newuser = userlist->users; newuser; newuser = newuser->next)
 			if (!strcmp(newuser->user, args[1])) {