From 46b39d0dc62e09f08efd61311d40f777d63c2192 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Thu, 10 May 2012 23:40:14 +0200
Subject: [PATCH] BUG/MEDIUM: config: don't crash at config load time on
 invalid userlist names
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cyril Bonté reported that passing an invalid userlist name to
http_auth_group() caused haproxy to crash at load. This was due
to an attempt to use the unresolved userlist pointer later to
resolve auth groups since we report many errors before leaving
now.

This issue does not exist in earlier versions since they immediately
abort on the first error, so no backport is needed.
---
 src/acl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/acl.c b/src/acl.c
index 8572bd174..54c4e15d2 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -2214,6 +2214,11 @@ acl_find_targets(struct proxy *p)
 				}
 			} /* end of args processing */
 
+			/* don't try to resolve groups if we're not certain of having
+			 * resolved userlists first.
+			 */
+			if (cfgerr)
+				break;
 
 			if (!strcmp(expr->kw->kw, "http_auth_group")) {
 				/* note: argument resolved above thanks to ARGT_USR */