projects / haproxy-2.5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2672215) | patch
BUG/MAJOR: connection: prevent double free if conn selected for removal
authorAmaury Denoyelle <adenoyelle@haproxy.com>
Tue, 16 Feb 2021 14:16:17 +0000 (15:16 +0100)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Tue, 16 Feb 2021 15:17:29 +0000 (16:17 +0100)
commitaba507334b471e5b5d0044a74d7177b29491637f
tree8dc17815497e56cf2d358c58dc2eb722eb04c88etree | snapshot
parent267221557fe2a0641f3ab93d546a7580852d5809commit | diff
BUG/MAJOR: connection: prevent double free if conn selected for removal

Always try to remove a connexion from its toremove_list in conn_free.
This prevents a double-free in case the connection is freed but was
already added in toremove_list.

This bug was easily reproduced by running 4-5 runs of inject on a
single-thread instance of haproxy :

$ inject -u 10000 -d 10 -G 127.0.0.1:20080

A crash would soon be triggered in srv_cleanup_toremove_connections.

This does not need to be backported.
include/haproxy/connection.h diff | blob | history
haproxy-2.5 public tree. Stable production code.