Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 465a6c850629bd1fbbecb028af631ff81bd09e11
commit465a6c850629bd1fbbecb028af631ff81bd09e11[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Tue Mar 21 10:50:51 2023 +0100
committerWilly Tarreau <w@1wt.eu>Tue Mar 21 10:50:51 2023 +0100
treecb8248b552dd156c9bf631fa031cc7fa5ade782e
parenta220e59ad8dd44cd71484ab5a207ed08f219c737 [diff]
BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation

If appctx_new_on() fails to allocate a task, it will not remove the
freshly allocated sedesc from the appctx despite freeing it, causing
a UAF. Let's only assign appctx->sedesc upon success.

This needs to be backported to 2.6. In 2.6 the function is slightly
different and called appctx_new(), though the issue is exactly the
same.
1 file changed
tree: cb8248b552dd156c9bf631fa031cc7fa5ade782e
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. CHANGELOG
  19. CONTRIBUTING
  20. INSTALL
  21. LICENSE
  22. MAINTAINERS
  23. Makefile
  24. README
  25. SUBVERS
  26. VERDATE
  27. VERSION