From: Nikita Kurashkin <[email protected]>
Fix a parsing issue where empty ACL arguments inside braces were not detected,
causing misleading errors like "missing closing '}' in condition".

1) The while loop condition was modified: instead of checking the first
character of the string (*args[arg_end]), it now checks for the existence of
the string pointer (args[arg_end]).
This allows the loop to enter empty strings for further handling.

2) Inside the loop, an explicit check for empty strings (if (*args[arg_end] ==
'\0')) was added, which triggers an error and aborts processing.

3) After the loop, an additional check for the presence and non-emptiness of
the argument was added to replace the previous first-character check removed
from the while condition.
This change prevents compiler warnings about potential NULL dereferencing.

4) Added a test case to the configuration file to cover the scenario of an
empty ACL argument within {}.

Signed-off-by: Nikita Kurashkin <[email protected]>
---
src/acl.c | 9 +++++++--
tests/conf/test-acl-args.cfg | 3 +++
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/acl.c b/src/acl.c
index e607c9b76..3ff0090c9 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -881,10 +881,15 @@ struct acl_cond *parse_acl_cond(const char **args, struct
list *known_acl,
int arg_end = arg + 1;
const char **args_new;
- while (*args[arg_end] && strcmp(args[arg_end], "}") !=
0)
+ while (args[arg_end] && strcmp(args[arg_end], "}") !=
0) {
+ if (*args[arg_end] == '\0') {
+ memprintf(err, "empty ACL argument
inside '{}' is not allowed");
+ goto out_free_suite;
+ }
arg_end++;
+ }
- if (!*args[arg_end]) {
+ if (!args[arg_end] || !*args[arg_end]) {
memprintf(err, "missing closing '}' in
condition");
goto out_free_suite;
}
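Review bot: the new in-loop test `if (*args[arg_end] == '\0')` fires on every empty string, yet the removed loop condition `*args[arg_end]` and the old `if (!*args[arg_end])` check show that an empty string was also how the end of the argument list was being detected. If the list is still terminated that way, a condition with no closing brace now reaches the in-loop check first and reports "empty ACL argument inside '{}' is not allowed" instead of "missing closing '}' in condition", and the `!*args[arg_end]` half of the post-loop test can never be true. Please confirm how args[] is terminated at this point; if an empty string can be the terminator, report the empty-argument error only when the empty entry is known not to be the end of the list, and keep the missing-brace message otherwise.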
diff --git a/tests/conf/test-acl-args.cfg b/tests/conf/test-acl-args.cfg
index 26b909fac..09490cbd4 100644
--- a/tests/conf/test-acl-args.cfg
+++ b/tests/conf/test-acl-args.cfg
@@ -20,6 +20,9 @@ frontend 1
# missing closing ')' after arguments to fetch keyword 'req.hdr' in ACL
expression 'req.hdr('.
http-request deny if { req.hdr( }
+ # empty argument in ACL expression inside '{}'
+ http-request deny if { path_dir '' }
+
# cannot be triggered : "returns type of fetch method '%s' is unknown"
# fetch method 'always_true' : no argument supported, but got 'arg' in
ACL expression 'always_true(arg)'.
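Review bot: the comment added above `http-request deny if { path_dir '' }` describes the case but, unlike the neighbouring entries, does not quote the error the parser is expected to emit; using the exact text from src/acl.c, "empty ACL argument inside '{}' is not allowed", would make a mismatch easy to spot. A companion line with a genuinely unterminated condition, expected to still produce "missing closing '}' in condition", would cover the other branch changed in parse_acl_cond().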
--
2.34.1