BUG/MEDIUM: config: don't crash at config load time on invalid userlist names

Cyril Bonté reported that passing an invalid userlist name to
http_auth_group() caused haproxy to crash at load. This was due
to an attempt to use the unresolved userlist pointer later to
resolve auth groups since we report many errors before leaving
now.

This issue does not exist in earlier versions since they immediately
abort on the first error, so no backport is needed.

diff --git a/src/acl.c b/src/acl.c
index 8572bd174cdaa20d96c969cb1ee231f174ea9a47..54c4e15d2bbaa2628813c568a19b11fa2bc8a7e8 100644 (file)
--- a/src/acl.c
+++ b/src/acl.c
@@ -2214,6 +2214,11 @@ acl_find_targets(struct proxy *p)
                                }
                        } /* end of args processing */
 
+                       /* don't try to resolve groups if we're not certain of having
+                        * resolved userlists first.
+                        */
+                       if (cfgerr)
+                               break;
 
                        if (!strcmp(expr->kw->kw, "http_auth_group")) {
                                /* note: argument resolved above thanks to ARGT_USR */