BUG/MINOR: proxy: detect strdup error on server auto SNI
authorAmaury Denoyelle <adenoyelle@haproxy.com>
Thu, 19 Feb 2026 15:04:04 +0000 (16:04 +0100)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Fri, 20 Feb 2026 08:02:47 +0000 (09:02 +0100)
There was no check on the result of the strdup() used to set up auto SNI on a
server instance during config validity checking. In case of failure, the
error would be silently ignored as the following server_parse_exprs()
does nothing when <sni_expr> server field is NULL. Hence, no SNI would
be used on the server, without any error nor warning reported.

Fix this by adding a check on strdup() return value. On error, ERR_ABORT
is reported along with an alert, parsing should be interrupted as soon
as possible.

This must be backported up to 3.3. Note that the related code in this
case is present in cfgparse.c source file.

src/proxy.c

index 21de08acf3912e4c077975c4bd13ebf5ab78bb9f..92550dcd13f83dbe615ff72346d7883d57e88aeb 100644 (file)
@@ -2543,6 +2543,13 @@ int proxy_finalize(struct proxy *px, int *err_code)
                        if (!newsrv->sni_expr && newsrv->proxy->mode == PR_MODE_HTTP &&
                            !(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) {
                                newsrv->sni_expr = strdup("req.hdr(host),field(1,:)");
+                               if (!newsrv->sni_expr) {
+                                       ha_alert("parsing [%s:%d]: out of memory while generating server auto SNI expression.\n",
+                                                newsrv->conf.file, newsrv->conf.line);
+                                       cfgerr++;
+                                       *err_code |= ERR_ALERT | ERR_ABORT;
+                                       goto out;
+                               }
 
                                err = NULL;
                                if (server_parse_exprs(newsrv, px, &err)) {
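Review bot: The rationale for the new NULL check lives only in the commit message, not next to the code: a NULL `sni_expr` makes the following `server_parse_exprs()` call a silent no-op, so a future reader may be tempted to treat this strdup() of a constant string as infallible and drop the check. A short comment above `if (!newsrv->sni_expr)` would keep that reasoning with the code, e.g. `/* server_parse_exprs() silently skips a NULL sni_expr; an allocation failure here must abort rather than leave the server without SNI. */`. The error path bumps `cfgerr` and also sets `ERR_ALERT | ERR_ABORT` in `*err_code` before `goto out`; proxy_finalize starts and ends outside the hunk, so whether the `out` label returns cfgerr or relies on *err_code cannot be seen here, and it is worth confirming these two error channels agree with the function's other failure paths.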