BUG/MEDIUM: args: fix double free on error path in argument expression parser

William Lallemand reported a double free on the args parser used in fetches
and ACLs. The cause is that the arg expression is not fully initialized nor
deinitialized when killed and that one of the pointers was already freed once
in certain error conditions.

Simply set it to NULL after the first call to free().

The bug was apparently introduced in 1.5-dev9 with commit 2ac5718
(MEDIUM: add a new typed argument list parsing framework).
Willy Tarreau 2013-12-06 15:30:05 +01:00
parent abca5b6ab5
commit 681e49db49

@ -290,6 +290,7 @@ int make_arg_list(const char *in, int len, unsigned int mask, struct arg **argp,
err:
free(word);
free(*argp);
*argp = NULL;
if (err_arg)
*err_arg = pos;
if (err_ptr)
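
Review bot: the `err:` path now leaves `*argp` set to NULL after `free(*argp)`, and that contract should be stated in the comment above `make_arg_list()`, because callers that release their own pointer after a failed parse depend on it. Note also that `argp` is dereferenced unconditionally here while `err_arg` and `err_ptr` are both NULL-checked; if a NULL `argp` is never a valid call, document that, otherwise guard the `free(*argp)` / `*argp = NULL` pair the same way. `free(word)` is left without a reset, which is only safe if `word` is a local that is not touched again after this label.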