From: Aurelien DARRAGON <adarragon@haproxy.com>
Date: Mon, 15 Sep 2025 07:22:19 +0000 (+0200)
Subject: BUG/MEDIUM: http_ana: fix potential NULL deref in http_process_req_common()
X-Git-Tag: v3.3-dev9~117
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be417c1db25bdf59a5d288e1feda146df8cd4fb8;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: http_ana: fix potential NULL deref in http_process_req_common()

As reported by @kenballus in GH #3118, a potential NULL-deref was
introduced in 3da1d63 ("BUG/MEDIUM: http_ana: handle yield for "stats
http-request" evaluation")

Indeed, px->uri_auth may be NULL when stats directive is not involved in
the current proxy section.

The bug went unnoticed because it didn't seem to cause any side-effect
so far and valgrind didn't catch it. However ASAN did, so let's fix it
before it causes harm.

It should be backported with 3da1d63.
---

diff --git a/src/http_ana.c b/src/http_ana.c
index 72a967d46..b7b0b2f20 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -399,7 +399,7 @@ int http_process_req_common(struct stream *s, struct channel *req, int an_bit, s
 
 	verdict = HTTP_RULE_RES_CONT;
 
-	if (s->current_rule_list == &px->uri_auth->http_req_rules)
+	if (px->uri_auth && s->current_rule_list == &px->uri_auth->http_req_rules)
 		stats_rules = 1;
 
 	/* resume stats http-request rules if needed */