From 817c4e39e51f5be7161eceb21985e87b633321cb Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 7 Feb 2020 10:26:23 +0100 Subject: [PATCH] BUG/MINOR: http-act: Fix bugs on error path during parsing of return actions This patch fixes memory leaks and a null pointer dereference found by coverity on the error path when an HTTP return action is parsed. See issue #491. No need to backport this patch except the HTT return action is backported too. --- src/http_act.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/src/http_act.c b/src/http_act.c index dc8c33ddda..a3dce68b90 100644 --- a/src/http_act.c +++ b/src/http_act.c @@ -2053,7 +2053,7 @@ static enum act_parse_ret parse_http_return(const char **args, int *orig_arg, st cur_arg++; if (!*args[cur_arg]) { memprintf(err, "'%s' expects as argument", args[cur_arg-1]); - return ACT_RET_PRS_ERR; + goto error; } status = atol(args[cur_arg]); if (status < 200 || status > 599) { @@ -2436,18 +2436,20 @@ static enum act_parse_ret parse_http_return(const char **args, int *orig_arg, st free(name); if (fd >= 0) close(fd); - list_for_each_entry_safe(hdr, hdrb, hdrs, list) { - LIST_DEL(&hdr->list); - list_for_each_entry_safe(lf, lfb, &hdr->value, list) { - LIST_DEL(&lf->list); - release_sample_expr(lf->expr); - free(lf->arg); - free(lf); + if (hdrs) { + list_for_each_entry_safe(hdr, hdrb, hdrs, list) { + LIST_DEL(&hdr->list); + list_for_each_entry_safe(lf, lfb, &hdr->value, list) { + LIST_DEL(&lf->list); + release_sample_expr(lf->expr); + free(lf->arg); + free(lf); + } + free(hdr->name.ptr); + free(hdr); } - free(hdr->name.ptr); - free(hdr); + free(hdrs); } - free(hdrs); if (action == 3) { list_for_each_entry_safe(lf, lfb, &rule->arg.http_return.body.fmt, list) { LIST_DEL(&lf->list);