BUG/MEDIUM: servers: Only destroy a conn_stream we just allocated.
In connect_server(), if we failed to add the connection to the session,
only destroy the conn_stream if we just allocated it, otherwise it may
have been allocated outside connect_server(), along with a connection which
has its destination address set.
Also use si_release_endpoint() instead of cs_destroy(), to make sure the
stream_interface doesn't reference it anymore.
This should be backported to 1.9.
diff --git a/src/backend.c b/src/backend.c
index e9f3605..26dcccf 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1148,6 +1148,7 @@
int reuse = 0;
int reuse_orphan = 0;
int init_mux = 0;
+ int alloced_cs = 0;
int err;
@@ -1325,9 +1326,10 @@
if (avail >= 1) {
srv_cs = srv_conn->mux->attach(srv_conn, s->sess);
- if (srv_cs)
+ if (srv_cs) {
+ alloced_cs = 1;
si_attach_cs(&s->si[1], srv_cs);
- else
+ } else
srv_conn = NULL;
}
else
@@ -1351,7 +1353,8 @@
if (!session_add_conn(s->sess, srv_conn, s->target)) {
/* If we failed to attach the connection, detach the
* conn_stream, possibly destroying the connection */
- cs_destroy(srv_cs);
+ if (alloced_cs)
+ si_release_endpoint(&s->si[1]);
srv_conn->owner = NULL;
if (!srv_add_to_idle_list(objt_server(srv_conn->target), srv_conn))
/* The server doesn't want it, let's kill the connection right away */