From: Willy Tarreau <w@1wt.eu>
Date: Thu, 6 May 2021 06:46:11 +0000 (+0200)
Subject: BUG/MINOR: config: fix uninitialized initial state in ".if" block evaluator
X-Git-Tag: v2.4-dev19~122
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6e647c94f2a7bac30a7642167601c229a309ffc3;p=thirdparty%2Fhaproxy.git

BUG/MINOR: config: fix uninitialized initial state in ".if" block evaluator

The condition to skip the block in the ".if" evaluator forgot to check
that the level was high enough, resulting in rare cases where a random
value matched one of the 5 values that cause the block to be skipped.

No backport is needed as it's 2.4-only.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 59d0e912bc..13362214c0 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1855,11 +1855,12 @@ next_line:
 					goto err;
 				}
 
-				if (nested_conds[nested_cond_lvl - 1] == NESTED_COND_IF_DROP ||
-				    nested_conds[nested_cond_lvl - 1] == NESTED_COND_IF_SKIP ||
-				    nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELIF_DROP ||
-				    nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELIF_SKIP ||
-				    nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELSE_DROP) {
+				if (nested_cond_lvl > 1 &&
+				    (nested_conds[nested_cond_lvl - 1] == NESTED_COND_IF_DROP ||
+				     nested_conds[nested_cond_lvl - 1] == NESTED_COND_IF_SKIP ||
+				     nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELIF_DROP ||
+				     nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELIF_SKIP ||
+				     nested_conds[nested_cond_lvl - 1] == NESTED_COND_ELSE_DROP)) {
 					nested_conds[nested_cond_lvl] = NESTED_COND_IF_SKIP;
 				} else if (!*args[1] || *args[1] == '0') {
 					/* empty = false */