mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-04 12:41:00 +02:00
Code Issues Projects Releases Wiki Activity

[BUG] appsession: fix possible double free in case of out of memory

Browse Source 
In out of memory conditions, the ->destroy function would free all
possibly allocated pools from the current appsession, including those
that were not yet allocated nor assigned, which used to point to a
previous allocation, obviously resulting in a segfault.
(cherry picked from commit 75eae485921d3a6ce197915c769673834ecbfa5c)
This commit is contained in:
Willy Tarreau 2010-11-19 11:29:06 +01:00
parent f70fc75296
commit 77eb9b8a2d
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/proto_http.c
View File

@ -6900,6 +6900,8 @@ void manage_server_side_cookies(struct session *t, struct buffer *res)
send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
return;
}
asession->serverid = NULL; /* to avoid a double free in case of allocation error */
if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
@ -6911,7 +6913,7 @@ void manage_server_side_cookies(struct session *t, struct buffer *res)
server_id_len = strlen(t->srv->id) + 1;
if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
Alert("Not enough Memory process_srv():asession->serverid:malloc().\n");
send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
t->be->htbl_proxy.destroy(asession);
return;