From: Alexander Stephan <alexander.stephan@sap.com>
Date: Mon, 1 Sep 2025 09:47:30 +0000 (+0000)
Subject: BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()
X-Git-Tag: v3.3-dev8~46
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c3e69cf065c59acbe01db5452f29b7ac199354d5;p=thirdparty%2Fhaproxy.git

BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()

This patch adds a missing out-of-memory (OOM) check after
the call to `calloc()` in `smp_fetch_acl_parse()`. If
memory allocation fails, an error message is set and
the function returns 0, improving robustness in
low-memory situations.

Co-authored-by: Christian Norbert Menges <christian.norbert.menges@sap.com>
---

diff --git a/src/acl.c b/src/acl.c
index 9325257f9..73fdf7207 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1351,6 +1351,10 @@ int smp_fetch_acl_parse(struct arg *args, char **err_msg)
 	for (i = 0; args[i].type != ARGT_STOP; i++)
 		;
 	acl_sample = calloc(1, sizeof(struct acl_sample) + sizeof(struct acl_term) * i);
+	if (unlikely(!acl_sample)) {
+		memprintf(err_msg, "out of memory when parsing ACL expression");
+		return 0;
+	}
 	LIST_INIT(&acl_sample->suite.terms);
 	LIST_INIT(&acl_sample->cond.suites);
 	LIST_APPEND(&acl_sample->cond.suites, &acl_sample->suite.list);