Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / a220e59ad8dd44cd71484ab5a207ed08f219c737
commita220e59ad8dd44cd71484ab5a207ed08f219c737[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Tue Mar 21 10:44:44 2023 +0100
committerWilly Tarreau <w@1wt.eu>Tue Mar 21 10:44:44 2023 +0100
treee5ac4fea32c044ae92f0639779c503a938eddb74
parent0c4348c982b73fa854de7c8cee5611cbfdd9db3c [diff]
BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s

In h1c_frt_stream_new() and h1c_bck_stream_new(), if we fail to completely
initialize the freshly allocated h1s, typically because sc_attach_mux()
fails, we must use h1s_destroy() to de-initialize it. Otherwise it stays
attached to the h1c when released, causing use-after-free upon the next
wakeup. This can be triggered upon memory shortage.

This needs to be backported to 2.6.
1 file changed
tree: e5ac4fea32c044ae92f0639779c503a938eddb74
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. CHANGELOG
  19. CONTRIBUTING
  20. INSTALL
  21. LICENSE
  22. MAINTAINERS
  23. Makefile
  24. README
  25. SUBVERS
  26. VERDATE
  27. VERSION