BUG/MEDIUM: vars: Properly eval set-var-fmt action for empty log-format string

When the log-format string was empty, in action_store() function, a fallback was
performed on the expression evaluation, thinking a set-var() was performed.
However, it is possible to have an empty log-format string. At least, on 3.2 and
3.0, it is allowed to parse an empty log-format string; quoted empty strings are
not rejected.

So, on 3.2 and 3.0, it was possible to have a "set-var-fmt" action in the config
leading to parse an empty log-format string. Doing so, a crash could be
experienced when the action was executed because the fallback on the expression
evaluation led to dereference a NULL pointer.

To fix the issue, during parsing the action type is now set to a different value
for a "set-var" or a "set-var-fmt" action. And this action type is tested during
execution to perform the right action.

This patch should fix issue #3406. It must be backported as far as 3.0. Only 3.2
and 3.0 are affected by the issue.
Christopher Faulet 2026-06-03 11:48:16 +02:00
parent 1b4255a885
commit d0ab99932a

@ -1030,7 +1030,7 @@ static enum act_return action_store(struct act_rule *rule, struct proxy *px,
/* Process the expression. */
memset(&smp, 0, sizeof(smp));
if (!lf_expr_isempty(&rule->arg.vars.fmt)) {
if (rule->action == 2) { /* set-var-fmt */
/* a format-string is used */
fmtstr = alloc_trash_chunk();
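Review bot: The test "rule->action == 2" in action_store() relies on a bare literal whose meaning is only carried by the trailing comment, and it has to stay in sync with whatever value parse_store() stores through "rule->action = set_var;". A named constant or small enum shared by the parser and the executor would keep the two sides from drifting apart, which matters here because picking the wrong branch is exactly what led to the NULL dereference described in the commit message.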
@ -1051,7 +1051,7 @@ static enum act_return action_store(struct act_rule *rule, struct proxy *px,
smp.data.type = SMP_T_STR;
smp.data.u.str = *fmtstr;
}
else {
else { /* set-var */
/* an expression is used */
if (!sample_process(px, sess, s, dir|SMP_OPT_FINAL,
rule->arg.vars.expr, &smp))
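Review bot: The "else { /* set-var */" branch is still a catch-all: any rule->action value other than 2 reaches sample_process() with rule->arg.vars.expr, so the safety of this path depends entirely on the parser never storing another value for a rule without an expression. Consider testing the set-var value explicitly, or guarding on rule->arg.vars.expr being non-NULL before the call, so that an unexpected action type returns an error instead of dereferencing a NULL expression.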
@ -1360,7 +1360,7 @@ static enum act_parse_ret parse_store(const char **args, int *arg, struct proxy
}
}
rule->action = ACT_CUSTOM;
rule->action = set_var;
rule->action_ptr = action_store;
rule->release_ptr = release_store_rule;
return ACT_RET_PRS_OK;
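Review bot: In parse_store(), "rule->action = set_var;" stores a variable whose name reads like a boolean while action_store() compares the field against 2, and the possible values are not documented anywhere in the visible lines. Please add a comment at the assignment stating which value means set-var and which means set-var-fmt, and confirm that dropping ACT_CUSTOM here does not affect any code that inspects rule->action for rules using action_store as their action_ptr.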