BUG/MAJOR: sessions: unlink session from list on out of memory

Since embryonic sessions were introduced in 1.5-dev12 with commit
2542b53 ("MAJOR: session: introduce embryonic sessions"), a major
bug remained present. If haproxy cannot allocate memory during
session_complete() (for example, no more buffers), it will not
unlink the new session from the sessions list. This will cause
memory corruptions if the memory area from the session is reused
for anything else, and may also cause bogus output on "show sess"
on the CLI.

This fix must be backported to 1.5.

(cherry picked from commit 3b24641745b32289235d765f441ec60fa7381f99)

diff --git a/src/session.c b/src/session.c
index df85170..5b9e407 100644
--- a/src/session.c
+++ b/src/session.c
@@ -579,6 +579,7 @@
/* and restore the connection pointer in case we destroyed it,
* because kill_mini_session() will need it.
*/
+ LIST_DEL(&s->list);
s->target = &conn->obj_type;
return ret;
}
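
Review bot: The added LIST_DEL(&s->list) sits directly under a comment that only explains restoring the connection pointer for kill_mini_session(), so the unlink itself is undocumented on this error path. A one-line comment above it would help, stating that the session is removed from the sessions list here because the failure path releases it. It is also worth confirming that nothing after this return, kill_mini_session() included, unlinks s->list a second time, since the hunk does not show the entry being reinitialised after removal.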