BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser() When an error occurs in the post-parser callback which checks configuration validity of the option outgoing-headers-case-adjust-file, the error message is freed too early, before being used. No backport needed. It fixes the github issue #258.

commit: cac5c094d1da360dd78c188b89c0f7fd52569d61 [log] [tgz]
author: Christopher Faulet <cfaulet@haproxy.com> Tue Jul 30 16:51:42 2019 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Fri Sep 06 08:59:23 2019 +0200
tree: 52787b3ed7f7e6488d322ea015447cf3a4315a76
parent: c5940392255e5a5a7eb0d27be62e155f1aec26c6 [diff]
diff --git a/src/mux_h1.c b/src/mux_h1.c
index e638330..1fc6503 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c

@@ -2693,17 +2693,17 @@
 		err = NULL;
 		rc = add_hdr_case_adjust(key_beg, value_beg, &err);
 		if (rc < 0) {
-			free(err);
 			ha_alert("config : h1-outgoing-headers-case-adjust-file '%s' : %s at line %d.\n",
 				 hdrs_map.name, err, line);
 			err_code |= ERR_ALERT | ERR_FATAL;
+			free(err);
 			goto end;
 		}
 		if (rc > 0) {
-			free(err);
 			ha_warning("config : h1-outgoing-headers-case-adjust-file '%s' : %s at line %d.\n",
 				   hdrs_map.name, err, line);
 			err_code |= ERR_WARN;
+			free(err);
 		}
 	}
commit	cac5c094d1da360dd78c188b89c0f7fd52569d61	[log] [tgz]
author	Christopher Faulet <cfaulet@haproxy.com>	Tue Jul 30 16:51:42 2019 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Fri Sep 06 08:59:23 2019 +0200
tree	52787b3ed7f7e6488d322ea015447cf3a4315a76
parent	c5940392255e5a5a7eb0d27be62e155f1aec26c6 [diff]