From 999699a277d85e875c5351cfe949c851f574f007 Mon Sep 17 00:00:00 2001 From: Aurelien DARRAGON Date: Thu, 6 Jul 2023 14:57:32 +0200 Subject: [PATCH] BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() forward proxy server list created from sink_new_from_logsrv() is invalid Indeed, srv->next is literally assigned to itself. This did not cause issues during syslog handling because the sft was properly set, but it will cause the free_proxy(sink->forward_px) at deinit to go wild since free_proxy() will try to iterate through the proxy srv list to free ressources, but because of the improper list initialization, double-free and infinite-loop will occur. This bug was revealed by 9b1d15f53a ("BUG/MINOR: sink: free forward_px on deinit()") It must be backported as far as 2.4. --- src/sink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sink.c b/src/sink.c index 8f38f8508..1edde3c86 100644 --- a/src/sink.c +++ b/src/sink.c @@ -1089,8 +1089,8 @@ struct sink *sink_new_from_logsrv(struct logsrv *logsrv) /* the servers are linked backwards * first into proxy */ - p->srv = srv; srv->next = p->srv; + p->srv = srv; /* allocate sink_forward_target descriptor */ sft = calloc(1, sizeof(*sft));