From: Amaury Denoyelle
Date: Thu, 19 Feb 2026 15:04:04 +0000 (+0100)
Subject: BUG/MINOR: proxy: detect strdup error on server auto SNI
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b0fc331149f6806fb99f37affa38385556f5adb;p=thirdparty%2Fhaproxy.git

BUG/MINOR: proxy: detect strdup error on server auto SNI

There was no check on the result of strdup() used to set up auto SNI on a server instance during check config validity. In case of failure, the error would be silently ignored as the following server_parse_exprs() does nothing when server field is NULL. Hence, no SNI would be used on the server, without any error or warning reported.

Fix this by adding a check on strdup() return value. On error, ERR_ABORT is reported along with an alert, parsing should be interrupted as soon as possible.

This must be backported up to 3.3. Note that the related code in this case is present in cfgparse.c source file.

---

diff --git a/src/proxy.c b/src/proxy.c index 21de08acf..92550dcd1 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -2543,6 +2543,13 @@ int proxy_finalize(struct proxy *px, int *err_code) if (!newsrv->sni_expr && newsrv->proxy->mode == PR_MODE_HTTP && !(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) { newsrv->sni_expr = strdup("req.hdr(host),field(1,:)"); + if (!newsrv->sni_expr) { + ha_alert("parsing [%s:%d]: out of memory while generating server auto SNI expression.\n", + newsrv->conf.file, newsrv->conf.line); + cfgerr++; + *err_code |= ERR_ALERT | ERR_ABORT; + goto out; + } err = NULL; if (server_parse_exprs(newsrv, px, &err)) {
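Review bot: the new `goto out` in the `if (!newsrv->sni_expr)` branch relies on an `out` label that is not visible in this hunk, so please confirm that the path past that label still accounts for the `cfgerr++` done just before the jump and does not skip any cleanup that the normal exit of `proxy_finalize()` performs. The branch also writes through `*err_code`, which matches the `int *err_code` parameter shown in the hunk header; since the commit message says the equivalent code for the 3.3 backport lives in cfgparse.c, the backport should be checked for whether `err_code` is a pointer there and whether an `out` label exists in that function, rather than applied as is. A short comment above the check stating that a NULL `sni_expr` would otherwise make `server_parse_exprs()` a silent no-op would help keep the check from being dropped in a later refactor.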