Nil request dereference in ACLExtUser and SourceDomainCheck ACLs (#1931)

ACLExtUser-based ACLs (i.e. ext_user and ext_user_regex) dereferenced a
nil request pointer when they were used in a context without a request
(e.g., when honoring on_unsupported_protocol).

SourceDomainCheck-based ACLs (i.e. srcdomain and srcdom_regex) have a
similar bug, although we do not know whether broken slow ACL code is
reachable without a request (e.g., on_unsupported_protocol tests cannot
reach that code until that directive starts supporting slow ACLs). This
change does not start to require request presence for these two ACLs to
avoid breaking any existing configurations that "work" without one.

diff --git a/src/acl/ExtUser.h b/src/acl/ExtUser.h
index 457508ac667891b3705d28748812bb474d1c9a59..a5df49deb6922177655a41e6b7ccb41b80b82698 100644 (file)
--- a/src/acl/ExtUser.h
+++ b/src/acl/ExtUser.h
@@ -27,6 +27,7 @@ public:
     char const *typeString() const override;
     void parse() override;
     int match(ACLChecklist *checklist) override;
+    bool requiresRequest() const override { return true; }
     SBufList dump() const override;
     bool empty () const override;