[BUG] appsession: fix possible double free in case of out of memory
In out of memory conditions, the ->destroy function would free all
possibly allocated pools from the current appsession, including those
that were not yet allocated nor assigned, which used to point to a
previous allocation, obviously resulting in a segfault.
(cherry picked from commit 75eae485921d3a6ce197915c769673834ecbfa5c)
diff --git a/src/proto_http.c b/src/proto_http.c
index e06a782..a65a923 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -6900,6 +6900,8 @@
send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
return;
}
+ asession->serverid = NULL; /* to avoid a double free in case of allocation error */
+
if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
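Review bot: The added `asession->serverid = NULL;` clears only one member, so any other pointer in the appsession that `->destroy` frees would still hold stale pool contents on an early error path. Zeroing the whole structure right after it is allocated would cover every member and make the per-field assignment unnecessary. The unchanged message just above the added line also reports the failed allocation as `asession:calloc()`, which suggests zeroed memory, while the need for this fix shows the memory is not zeroed, so that string is worth correcting in the same change.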
@@ -6911,7 +6913,7 @@
server_id_len = strlen(t->srv->id) + 1;
if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
- Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
+ Alert("Not enough Memory process_srv():asession->serverid:malloc().\n");
send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
t->be->htbl_proxy.destroy(asession);
return;
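Review bot: The `send_log()` call directly below the corrected `Alert()` still reports `asession->sessid:malloc()`, so the log entry for a failed serverid allocation remains indistinguishable from the sessid failure handled a few lines earlier. Update it to `asession->serverid` together with the `Alert()` string so both outputs agree. Both messages also name `malloc()` although the allocation goes through `pool_alloc2()`; naming the pool call would make the alert easier to trace.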