From 1455d6bb690d8c91159a709cc6d1a0dc01ed9153 Mon Sep 17 00:00:00 2001
From: Francis Lavoie <lavofr@gmail.com>
Date: Fri, 2 Apr 2021 18:47:04 -0400
Subject: httpcaddyfile: Fix panic in automation policy consolidation (#4104)

* httpcaddyfile: Add reproduce test

* httpcaddyfile: Don't allow `i` to go below zero
---
 caddyconfig/httpcaddyfile/tlsapp.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'caddyconfig/httpcaddyfile')

diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 45ba9d2..85f9e5a 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -491,13 +491,13 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
 	}
 
 	// remove or combine duplicate policies
+outer:
 	for i := 0; i < len(aps); i++ {
 		// compare only with next policies; we sorted by specificity so we must not delete earlier policies
 		for j := i + 1; j < len(aps); j++ {
 			// if they're exactly equal in every way, just keep one of them
 			if reflect.DeepEqual(aps[i], aps[j]) {
 				aps = append(aps[:j], aps[j+1:]...)
-				i--
 				break
 			}
 
@@ -524,6 +524,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
 					if automationPolicyShadows(i, aps) >= j {
 						aps = append(aps[:i], aps[i+1:]...)
 						i--
+						continue outer
 					}
 				} else {
 					// avoid repeated subjects
-- 
cgit v1.2.3