[BUG] session: risk of crash on out of memory (1.5-dev regression) Patch af5149 introduced an issue which can be detected only on out of memory conditions : a LIST_DEL() may be performed on an uninitialized struct member instead of a LIST_INIT() during the accept() phase, causing crashes and memory corruption to occur. This issue was detected and diagnosed by the Exceliance R&D team. This is 1.5-specific and very recent, so no existing deployment should be impacted.

commit: 9bd0d744efdcd6bb9c910f50af9768e136d830e2 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Wed Jul 20 00:17:39 2011 +0200
committer: Willy Tarreau <w@1wt.eu> Wed Jul 20 00:22:54 2011 +0200
tree: ae5a20fe36895120b9f4f0685f8259e51758d4ed
parent: 6fb82590148ed1af21171bfac5daab0490a96a2d [diff] [blame]
diff --git a/src/peers.c b/src/peers.c
index f253280..47d9fe1 100644
--- a/src/peers.c
+++ b/src/peers.c

@@ -1185,7 +1185,7 @@
 	stream_sock_prepare_interface(&s->si[1]);
 	s->si[1].release = NULL;
 
-	session_del_srv_conn(s);
+	session_init_srv_conn(s);
 	clear_target(&s->target);
 	s->pend_pos = NULL;
commit	9bd0d744efdcd6bb9c910f50af9768e136d830e2	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Wed Jul 20 00:17:39 2011 +0200
committer	Willy Tarreau <w@1wt.eu>	Wed Jul 20 00:22:54 2011 +0200
tree	ae5a20fe36895120b9f4f0685f8259e51758d4ed
parent	6fb82590148ed1af21171bfac5daab0490a96a2d [diff] [blame]