[BUG] http: use correct ACL pointer when evaluating authentication

req_acl was used instead of req_acl_final. As a matter of luck, both
happen to be the same at this point, but this is not granted in the
future.

This fix should be backported to 1.4.

diff --git a/src/proto_http.c b/src/proto_http.c
index 3a404e67cc4fe10ed8cc16ddc45f7904f780f5d6..61ec462cf7640f04bf216ed3cdc5af219df62439 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3148,7 +3148,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
 
        if (req_acl_final && req_acl_final->action == PR_REQ_ACL_ACT_HTTP_AUTH) {
                struct chunk msg;
-               char *realm = req_acl->http_auth.realm;
+               char *realm = req_acl_final->http_auth.realm;
 
                if (!realm)
                        realm = do_stats?STATS_DEFAULT_REALM:px->id;