From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 6 Feb 2025 15:21:20 +0000 (+0100)
Subject: BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive
X-Git-Tag: v3.2-dev5~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1e14d2a8272511c29d9225a61c74dc89847287d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive

When a group is defined in a userlist section, only one 'users' option is
expected. But it was not tested. Thus it was possible to set several options
leading to a memory leak.

It is now tested, and it is not allowed to redefine the users option.

It was reported by Coverity in #2841: CID 1587771.

This patch could be backported to all stable versions.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index c2d0ca5c3..216c8dcfe 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1407,6 +1407,15 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
 
 		while (*args[cur_arg]) {
 			if (strcmp(args[cur_arg], "users") == 0) {
+				if (ag->groupusers) {
+					ha_alert("parsing [%s:%d]: 'users' option already defined in '%s' name '%s'.\n",
+						 file, linenum, args[0], args[1]);
+					err_code |= ERR_ALERT | ERR_FATAL;
+					free(ag->groupusers);
+					free(ag->name);
+					free(ag);
+					goto out;
+				}
 				ag->groupusers = strdup(args[cur_arg + 1]);
 				cur_arg += 2;
 				continue;