BUG/MINOR: acl: Add OOM check for calloc() in smp_fetch_acl_parse()

alexanderstephan · Garfield96 · wtarreau · commit c3e69cf065c5 · 2025-09-02T07:29:54.000+02:00
This patch adds a missing out-of-memory (OOM) check after
the call to `calloc()` in `smp_fetch_acl_parse()`. If
memory allocation fails, an error message is set and
the function returns 0, improving robustness in
low-memory situations.

Co-authored-by: Christian Norbert Menges &lt;christian.norbert.menges@sap.com&gt;
diff --git a/src/acl.c b/src/acl.c
@@ -1351,6 +1351,10 @@ int smp_fetch_acl_parse(struct arg *args, char **err_msg)
 	for (i = 0; args[i].type != ARGT_STOP; i++)
 		;
 	acl_sample = calloc(1, sizeof(struct acl_sample) + sizeof(struct acl_term) * i);
+	if (unlikely(!acl_sample)) {
+		memprintf(err_msg, "out of memory when parsing ACL expression");
+		return 0;
+	}
 	LIST_INIT(&acl_sample->suite.terms);
 	LIST_INIT(&acl_sample->cond.suites);
 	LIST_APPEND(&acl_sample->cond.suites, &acl_sample->suite.list);
