BUG/MEDIUM: cfgparse: segfault when userlist is misused
author William Lallemand <wlallemand@haproxy.com>
Thu, 28 May 2015 16:03:51 +0000 (18:03 +0200)
committer Willy Tarreau <w@1wt.eu>
Thu, 28 May 2015 16:43:03 +0000 (18:43 +0200)
If the 'userlist' keyword parsing returns an error and no userlist was
previously created, the parsing of 'user' and 'group' leads to a NULL
dereference.

The userlist pointer is now tested to prevent this issue.

src/cfgparse.c

index 154802e..de88d84 100644 (file)
@@ -6144,6 +6144,9 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
                        goto out;
                }
 
+               if (!userlist)
+                       goto out;
+
                for (ag = userlist->groups; ag; ag = ag->next)
                        if (!strcmp(ag->name, args[1])) {
                                Warning("parsing [%s:%d]: ignoring duplicated group '%s' in userlist '%s'.\n",
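Review bot: the new `if (!userlist) goto out;` ahead of the `userlist->groups` loop leaves without a message and without touching the return status at this point. Going by the commit message, this path is reached only after an earlier 'userlist' line has already failed, so the silence is probably intended, but a one-line comment above the check saying that the error was reported when 'userlist' was parsed would keep a later reader from treating it as a missed error path.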
@@ -6194,6 +6197,8 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
                        err_code |= ERR_ALERT | ERR_FATAL;
                        goto out;
                }
+               if (!userlist)
+                       goto out;
 
                for (newuser = userlist->users; newuser; newuser = newuser->next)
                        if (!strcmp(newuser->user, args[1])) {
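Review bot: the `if (!userlist)` check here sits directly under a block that sets `err_code |= ERR_ALERT | ERR_FATAL` before its `goto out`, while the new path jumps to `out` with `err_code` unchanged, so a 'user' line skipped this way is indistinguishable from one that parsed cleanly unless an earlier line already raised the error. Either set the error bits here as well or state in a comment why they are not needed. On style, the first hunk puts a blank line before and after the check and this one puts it only after; a blank line between the closing brace and the `if` would make the two sites match.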