BUG/MINOR: http-act: Fix bugs on error path during parsing of return actions

This patch fixes memory leaks and a null pointer dereference found by coverity
on the error path when an HTTP return action is parsed. See issue #491.

No need to backport this patch except the HTT return action is backported too.

src/http_act.c

@@ -2053,7 +2053,7 @@ static enum act_parse_ret parse_http_return(const char **args, int *orig_arg, st
 			cur_arg++;
 			if (!*args[cur_arg]) {
 				memprintf(err, "'%s' expects <status_code> as argument", args[cur_arg-1]);
-				return ACT_RET_PRS_ERR;
+				goto error;
 			}
 			status = atol(args[cur_arg]);
 			if (status < 200 || status > 599) {
@@ -2436,18 +2436,20 @@ static enum act_parse_ret parse_http_return(const char **args, int *orig_arg, st
 	free(name);
 	if (fd >= 0)
 		close(fd);
-	list_for_each_entry_safe(hdr, hdrb, hdrs, list) {
+	if (hdrs) {
-		LIST_DEL(&hdr->list);
+		list_for_each_entry_safe(hdr, hdrb, hdrs, list) {
-		list_for_each_entry_safe(lf, lfb, &hdr->value, list) {
+			LIST_DEL(&hdr->list);
-			LIST_DEL(&lf->list);
+			list_for_each_entry_safe(lf, lfb, &hdr->value, list) {
-			release_sample_expr(lf->expr);
+				LIST_DEL(&lf->list);
-			free(lf->arg);
+				release_sample_expr(lf->expr);
-			free(lf);
+				free(lf->arg);
+				free(lf);
+			}
+			free(hdr->name.ptr);
+			free(hdr);
 		}
-		free(hdr->name.ptr);
+		free(hdrs);
-		free(hdr);
 	}
-	free(hdrs);
 	if (action == 3) {
 		list_for_each_entry_safe(lf, lfb, &rule->arg.http_return.body.fmt, list) {
 			LIST_DEL(&lf->list);