BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()

This patch adds a missing out-of-memory (OOM) check after
the call to `calloc()` in `smp_fetch_acl_parse()`. If
memory allocation fails, an error message is set and
the function returns 0, improving robustness in
low-memory situations.

Co-authored-by: Christian Norbert Menges <christian.norbert.menges@sap.com>
(cherry picked from commit c3e69cf065c59acbe01db5452f29b7ac199354d5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 1801fc6dd7041cc567a0fd38e5cf18963ea3cd69)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 68f494f900443f5e630e554031308c93b366425c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/acl.c b/src/acl.c
index fe2310e..b3ba83c 100644 (file)
--- a/src/acl.c
+++ b/src/acl.c
@@ -1336,6 +1336,10 @@ int smp_fetch_acl_parse(struct arg *args, char **err_msg)
        for (i = 0; args[i].type != ARGT_STOP; i++)
                ;
        acl_sample = calloc(1, sizeof(struct acl_sample) + sizeof(struct acl_term) * i);
+       if (unlikely(!acl_sample)) {
+               memprintf(err_msg, "out of memory when parsing ACL expression");
+               return 0;
+       }
        LIST_INIT(&acl_sample->suite.terms);
        LIST_INIT(&acl_sample->cond.suites);
        LIST_APPEND(&acl_sample->cond.suites, &acl_sample->suite.list);