Fix bug #68463 listen.allowed_clients can silently result in no allowed access

Add a "There are no allowed addresses for this pool"

diff --git a/sapi/fpm/fpm/fastcgi.c b/sapi/fpm/fpm/fastcgi.c
index 36e37b79d399951ab4749adb9485a842cba00f27..d2764a59b7262e8ff9fc06931769404affa2cbe4 100644 (file)
--- a/sapi/fpm/fpm/fastcgi.c
+++ b/sapi/fpm/fpm/fastcgi.c
@@ -280,6 +280,10 @@ void fcgi_set_allowed_clients(char *ip)
                }
                allowed_clients[n].sa.sa_family = 0;
                free(ip);
+               if (!n) {
+                       zlog(ZLOG_ERROR, "There are no allowed addresses for this pool");
+                       /* don't clear allowed_clients as it will create an "open for all" security issue */
+               }
        }
 }