BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture

A memory allocation failure happening in parse_http_req_capture while
processing a "len" keyword and allocating a cap_hdr structure would
have resulted in a crash. This function is only called during
configuration parsing.

It was raised in GitHub issue #1233.
It could be backported to all stable branches.

diff --git a/src/http_act.c b/src/http_act.c
index f61362475993e29d1d8f235febc598bd6dc3b34a..0aa8a37594b3a15493b3e40a462060edd86516a5 100644 (file)
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -931,6 +931,11 @@ static enum act_parse_ret parse_http_req_capture(const char **args, int *orig_ar
                cur_arg++;
 
                hdr = calloc(1, sizeof(*hdr));
+               if (!hdr) {
+                       memprintf(err, "out of memory");
+                       release_sample_expr(expr);
+                       return ACT_RET_PRS_ERR;
+               }
                hdr->next = px->req_cap;
                hdr->name = NULL; /* not a header capture */
                hdr->namelen = 0;