[BUG] acl-related keywords are not allowed in defaults sections

Using an ACL-related keyword in the defaults section causes a
segfault during parsing because the list headers are not initialized.
We must initialize list headers for default instance and reject
keywords relying on ACLs.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 5c525bf33618975d4134d310fe795cc1b4076366..72b10278d88b67a2653d401998b79b9a8dc240bd 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -516,6 +516,13 @@ static void init_default_instance()
        defproxy.maxconn = cfg_maxpconn;
        defproxy.conn_retries = CONN_RETRIES;
        defproxy.logfac1 = defproxy.logfac2 = -1; /* log disabled */
+
+       LIST_INIT(&defproxy.pendconns);
+       LIST_INIT(&defproxy.acl);
+       LIST_INIT(&defproxy.block_cond);
+       LIST_INIT(&defproxy.mon_fail_cond);
+       LIST_INIT(&defproxy.switching_rules);
+
        tv_eternity(&defproxy.timeout.client);
        tv_eternity(&defproxy.timeout.connect);
        tv_eternity(&defproxy.timeout.server);
@@ -796,6 +803,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                curproxy->state = PR_STNEW;
        }
        else if (!strcmp(args[0], "acl")) {  /* add an ACL */
+               if (curproxy == &defproxy) {
+                       Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+                       return -1;
+               }
+
                err = invalid_char(args[1]);
                if (err) {
                        Alert("parsing [%s:%d] : character '%c' is not permitted in acl name '%s'.\n",
@@ -1035,6 +1047,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                int pol = ACL_COND_NONE;
                struct acl_cond *cond;
 
+               if (curproxy == &defproxy) {
+                       Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+                       return -1;
+               }
+
                if (!strcmp(args[1], "if"))
                        pol = ACL_COND_IF;
                else if (!strcmp(args[1], "unless"))
@@ -1058,6 +1075,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                struct acl_cond *cond;
                struct switching_rule *rule;
 
+               if (curproxy == &defproxy) {
+                       Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+                       return -1;
+               }
+
                if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
                        return 0;
 
@@ -1335,6 +1357,11 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int inv)
                }
        }
        else if (!strcmp(args[0], "monitor")) {
+               if (curproxy == &defproxy) {
+                       Alert("parsing [%s:%d] : '%s' not allowed in 'defaults' section.\n", file, linenum, args[0]);
+                       return -1;
+               }
+
                if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[0], NULL))
                        return 0;