From 2b0fc331149f6806fb99f37affa38385556f5adb Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Thu, 19 Feb 2026 16:04:04 +0100
Subject: [PATCH] BUG/MINOR: proxy: detect strdup error on server auto SNI
There was no check on the result of strdup() used to setup auto SNI on a server instance during check config validity. In case of failure, the error would be silently ignored as the following server_parse_exprs() does nothing when server field is NULL. Hence, no SNI would be used on the server, without any error nor warning reported. Fix this by adding a check on strdup() return value. On error, ERR_ABORT is reported along with an alert, parsing should be interrupted as soon as possible. This must be backported up to 3.3. Note that the related code in this case is present in cfgparse.c source file.
---
 src/proxy.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/proxy.c b/src/proxy.c
index 21de08acf..92550dcd1 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -2543,6 +2543,13 @@ int proxy_finalize(struct proxy *px, int *err_code)
 if (!newsrv->sni_expr && newsrv->proxy->mode == PR_MODE_HTTP && !(newsrv->ssl_ctx.options & SRV_SSL_O_NO_AUTO_SNI)) {
 newsrv->sni_expr = strdup("req.hdr(host),field(1,:)");
+ if (!newsrv->sni_expr) {
+ ha_alert("parsing [%s:%d]: out of memory while generating server auto SNI expression.\n",
+ newsrv->conf.file, newsrv->conf.line);
+ cfgerr++;
+ *err_code |= ERR_ALERT | ERR_ABORT;
+ goto out;
+ }
 err = NULL;
 if (server_parse_exprs(newsrv, px, &err)) {
-- 
2.47.3
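Review bot: The `goto out;` in the new error branch leaves `proxy_finalize()` from the middle of what looks like per-server setup, and neither the `out` label nor the code that turns `cfgerr` into the return value is visible in this hunk. It is worth confirming that the `cfgerr++` done just before the jump is still counted at `out`, so that the caller does not depend on `ERR_ABORT` in `*err_code` alone to notice the failure. The branch would also benefit from a short why-comment, since failing closed is the point of the fix, for example `/* fail closed: otherwise the server would silently connect without any SNI */` above `if (!newsrv->sni_expr) {`. The function body starts and ends outside the hunk, so the rest of the error path could not be checked here.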