From 33670baf6c507eec1cee728d2f5086a536f47b71 Mon Sep 17 00:00:00 2001 From: Eduard Bagdasaryan Date: Tue, 5 Nov 2024 14:21:19 +0000 Subject: [PATCH] Nil request dereference in ACLExtUser and SourceDomainCheck ACLs (#1931) ACLExtUser-based ACLs (i.e. ext_user and ext_user_regex) dereferenced a nil request pointer when they were used in a context without a request (e.g., when honoring on_unsupported_protocol). SourceDomainCheck-based ACLs (i.e. srcdomain and srcdom_regex) have a similar bug, although we do not know whether broken slow ACL code is reachable without a request (e.g., on_unsupported_protocol tests cannot reach that code until that directive starts supporting slow ACLs). This change does not start to require request presence for these two ACLs to avoid breaking any existing configurations that "work" without one. --- src/acl/ExtUser.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/acl/ExtUser.h b/src/acl/ExtUser.h index 457508ac66..a5df49deb6 100644 --- a/src/acl/ExtUser.h +++ b/src/acl/ExtUser.h @@ -27,6 +27,7 @@ public: char const *typeString() const override; void parse() override; int match(ACLChecklist *checklist) override; + bool requiresRequest() const override { return true; } SBufList dump() const override; bool empty () const override; -- 2.47.2