From 7a8ca0a0633e120c5b82de81f03c31cc39a17cb1 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 20 Mar 2023 19:53:14 +0100
Subject: [PATCH] BUG/MINOR: stconn: fix sedesc memory leak on stream
 allocation failure

If we fail to allocate a new stream in sc_new_from_endp(), and the call
to sc_new() allocated the sedesc itself (which normally doesn't happen),
then it doesn't get released on the failure path. Let's explicitly
handle this case so that it's not overlooked and avoids some head
scratching sessions.

This may be backported to 2.6.
---
 src/stconn.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/stconn.c b/src/stconn.c
index e1266a4eb..f84ae6a0f 100644
--- a/src/stconn.c
+++ b/src/stconn.c
@@ -171,8 +171,12 @@ struct stconn *sc_new_from_endp(struct sedesc *sd, struct session *sess, struct
 	if (unlikely(!sc))
 		return NULL;
 	if (unlikely(!stream_new(sess, sc, input))) {
-		pool_free(pool_head_connstream, sc);
 		sd->sc = NULL;
+		if (sc->sedesc != sd) {
+			/* none was provided so sc_new() allocated one */
+			sedesc_free(sc->sedesc);
+		}
+		pool_free(pool_head_connstream, sc);
 		se_fl_set(sd, SE_FL_ORPHAN);
 		return NULL;
 	}