From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Mon, 17 May 2021 08:08:16 +0000 (+0200)
Subject: BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
X-Git-Tag: v2.5-dev1~220
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8cb033643ff3235ac0d3887167ce06fefeaf850b;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule

A memory allocation failure happening in tcp_parse_request_rule while
processing the "capture" keyword and trying to allocate a cap_hdr
structure would have resulted in a crash. This function is only called
during configuration parsing.

It was raised in GitHub issue #1233.
It could be backported to all stable branches.
---

diff --git a/src/tcp_rules.c b/src/tcp_rules.c
index edc287b56c..bbd5820b4c 100644
--- a/src/tcp_rules.c
+++ b/src/tcp_rules.c
@@ -826,6 +826,11 @@ static int tcp_parse_request_rule(char **args, int arg, int section_type,
 		}
 
 		hdr = calloc(1, sizeof(*hdr));
+		if (!hdr) {
+			memprintf(err, "parsing [%s:%d] : out of memory", file, line);
+			release_sample_expr(expr);
+			return -1;
+		}
 		hdr->next = curpx->req_cap;
 		hdr->name = NULL; /* not a header capture */
 		hdr->namelen = 0;