From 156f4bd7a65f8a25123f6aaf2fc29cd05ab1ec93 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 21 May 2025 11:13:09 +0200
Subject: [PATCH] BUG/MEDIUM: acme: check if acme domains are configured

When starting the ACME task with a ckch_conf which does not contain the
domains, the ACME task would segfault because it will try to dereference
a NULL in this case.

The patch fix the issue by emitting a warning when no domains are
configured. It's not done at configuration parsing because it is not
easy to emit the warning because there are is no callback system which
give access to the whole ckch_conf once a line is parsed.

No backport needed.
---
 src/acme.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/acme.c b/src/acme.c
index a1197f3b7..f983665c6 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -2266,6 +2266,11 @@ static int acme_start_task(struct ckch_store *store, char **errmsg)
 		goto err;
 	}
 
+	if (!store->conf.acme.domains) {
+		memprintf(errmsg, "No 'domains' were configured for certificate. ");
+		goto err;
+	}
+
 	cfg = get_acme_cfg(store->conf.acme.id);
 	if (!cfg) {
 		memprintf(errmsg, "No ACME configuration found for file '%s'.\n", store->path);