From 2ca42b4656f60655a5295a66f321239faee2d9fe Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Wed, 12 May 2021 18:24:18 +0200
Subject: [PATCH] BUG/MINOR: http: Missing calloc return value check while
 parsing tcp-request/tcp-response

A memory allocation failure happening in tcp_parse_tcp_req or
tcp_parse_tcp_rep when trying to allocate an act_rule structure would
have resulted in a crash. These functions are only called during
configuration parsing.

It was raised in GitHub issue #1233.
It could be backported to all stable branches.
---
 src/tcp_rules.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/tcp_rules.c b/src/tcp_rules.c
index 2e1eac4ee..edc287b56 100644
--- a/src/tcp_rules.c
+++ b/src/tcp_rules.c
@@ -1055,6 +1055,10 @@ static int tcp_parse_tcp_rep(char **args, int section_type, struct proxy *curpx,
 	}
 
 	rule = calloc(1, sizeof(*rule));
+	if (!rule) {
+		memprintf(err, "parsing [%s:%d] : out of memory", file, line);
+		return -1;
+	}
 	LIST_INIT(&rule->list);
 	arg = 1;
 	where = 0;
@@ -1169,6 +1173,10 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
 	}
 
 	rule = calloc(1, sizeof(*rule));
+	if (!rule) {
+		memprintf(err, "parsing [%s:%d] : out of memory", file, line);
+		return -1;
+	}
 	LIST_INIT(&rule->list);
 	arg = 1;
 	where = 0;