From 042cc79e59a06117f0dec5d95fedb1b1af60f537 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Mon, 19 Mar 2007 16:20:06 +0100
Subject: [PATCH] [BUG] fix pointer initializations for TCP connections.

Very recent changes consisting in moving some pointers to the transaction instead of the session have lead to a bug because those pointers were only initialized if the protocol was HTTP, but they were freed based on their value. In some cases, it was possible to cause double frees.
---
 src/client.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/client.c b/src/client.c
index ea33240ad..a683be754 100644
--- a/src/client.c
+++ b/src/client.c
@@ -196,15 +196,19 @@ int event_accept(int fd) {
 txn = &s->txn;
 txn->flags = 0;
+ /* Those variables will be checked and freed if non-NULL in
+ * session.c:session_free(). It is important that they are
+ * properly initialized.
+ */
+ txn->srv_cookie = NULL;
+ txn->cli_cookie = NULL;
+ txn->uri = NULL;
 txn->req.cap = NULL;
 txn->rsp.cap = NULL;
 txn->hdr_idx.v = NULL;
 txn->hdr_idx.size = txn->hdr_idx.used = 0;
 if (p->mode == PR_MODE_HTTP) {
- txn->uri = NULL;
- txn->cli_cookie = NULL;
- txn->srv_cookie = NULL;
 txn->status = -1;
 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
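Review bot: The new comment above `txn->srv_cookie = NULL;` explains why these three pointers are cleared, but it does not state the rule a later change has to follow: the assignments here and the frees in session.c:session_free() are kept in step by hand, which is how the mode-dependent initialization fixed by this commit came about. I would extend the comment to say so, for example `Any txn pointer released in session_free() must be set here, before the p->mode == PR_MODE_HTTP test, so that TCP sessions never carry a stale value.` If the session storage is recycled rather than zeroed (not visible in this hunk), a field that is skipped holds whatever the previous session left behind, so a missed pointer ends in a free of stale memory rather than a harmless no-op. The body of event_accept() starts and ends outside this hunk, so the remaining assignments inside the HTTP branch could not be checked for further pointers of this kind.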