From: Willy Tarreau <w@1wt.eu>
Date: Tue, 27 Oct 2020 08:51:37 +0000 (+0100)
Subject: BUG/MINOR: log: fix memory leak on logsrv parse error
X-Git-Tag: v2.1.10~15
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=d3c1b831ee4f6ea662fdde5bf4241dd1e7893cc3;p=haproxy-2.1.git

BUG/MINOR: log: fix memory leak on logsrv parse error

In case of parsing error on logsrv, we can leave parse_logsrv() without
releasing logsrv->ring_name or smp_rgs. Let's free them on the error path.
This should fix issue #926 detected by Coverity.

The impact is only a tiny leak just before reporting a fatal error, so it
will essentially annoy valgrind.

This can be backported to 2.0 (just drop the ring part).

(cherry picked from commit ae32ac74dbc2cb93a07d7d29b4c20a075bc7741a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit ad6e92761d877d872414ccbcf408d5f5f92c3b91)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
---

diff --git a/src/log.c b/src/log.c
index 1f7d062..18ad561 100644
--- a/src/log.c
+++ b/src/log.c
@@ -794,6 +794,7 @@ int smp_log_range_cmp(const void *a, const void *b)
  */
 int parse_logsrv(char **args, struct list *logsrvs, int do_del, char **err)
 {
+	struct smp_log_range *smp_rgs = NULL;
 	struct sockaddr_storage *sk;
 	struct logsrv *logsrv = NULL;
 	int port1, port2;
@@ -899,7 +900,6 @@ int parse_logsrv(char **args, struct list *logsrvs, int do_del, char **err)
 	if (strcmp(args[cur_arg], "sample") == 0) {
 		unsigned low, high;
 		char *p, *beg, *end, *smp_sz_str;
-		struct smp_log_range *smp_rgs = NULL;
 		size_t smp_rgs_sz = 0, smp_sz = 0, new_smp_sz;
 
 		p = args[cur_arg+1];
@@ -1041,6 +1041,7 @@ int parse_logsrv(char **args, struct list *logsrvs, int do_del, char **err)
 	return 1;
 
   error:
+	free(smp_rgs);
 	free(logsrv);
 	return 0;
 }