From c3e69cf065c59acbe01db5452f29b7ac199354d5 Mon Sep 17 00:00:00 2001
From: Alexander Stephan
Date: Mon, 1 Sep 2025 09:47:30 +0000
Subject: [PATCH] BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()

This patch adds a missing out-of-memory (OOM) check after the call to `calloc()` in `smp_fetch_acl_parse()`. If memory allocation fails, an error message is set and the function returns 0, improving robustness in low-memory situations.

Co-authored-by: Christian Norbert Menges
---
 src/acl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/acl.c b/src/acl.c
index 9325257f9..73fdf7207 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1351,6 +1351,10 @@ int smp_fetch_acl_parse(struct arg *args, char **err_msg)
 for (i = 0; args[i].type != ARGT_STOP; i++)
 ;
 acl_sample = calloc(1, sizeof(struct acl_sample) + sizeof(struct acl_term) * i);
+ if (unlikely(!acl_sample)) {
+ memprintf(err_msg, "out of memory when parsing ACL expression");
+ return 0;
+ }
 LIST_INIT(&acl_sample->suite.terms);
 LIST_INIT(&acl_sample->cond.suites);
 LIST_APPEND(&acl_sample->cond.suites, &acl_sample->suite.list);
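Review bot: The new failure path reports the error through `memprintf()`, which builds its message on the heap, so under the same memory pressure that made `calloc()` fail the message allocation can fail as well and `*err_msg` may still be NULL when the function returns 0. Callers have to tolerate a missing message on this path; a comment above `return 0;` would record that, e.g. `/* memprintf() may also fail under OOM: callers must accept a NULL *err_msg */`. The check itself is in the right place, ahead of the first dereference in `LIST_INIT(&acl_sample->suite.terms)`. The size expression `sizeof(struct acl_sample) + sizeof(struct acl_term) * i` remains unchecked arithmetic; it looks bounded by the argument count, but the declaration of `i` and the rest of smp_fetch_acl_parse() lie outside the hunk, so that should be confirmed there.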