From 37e583d80dfb3fabdfaeb9a6daa31d84bc199fe9 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 12 Mar 2021 12:00:14 +0100 Subject: [PATCH] BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check When a "tcp-check" or a "http-check" rule is parsed, we try to get the previous rule in the ruleset to get its index. We must take care to reset the pointer on this rule in case an error is triggered later on the parsing. Otherwise, the same rule may be released twice. For instance, it happens with such line : http-check meth GET uri / ## note there is no "send" parameter This patch must be backported as far as 2.2. (cherry picked from commit cd03be73d59ad2c5d9ad43b28a1b0fda9f32526c) Signed-off-by: Christopher Faulet --- src/check.c | 1 + src/tcpcheck.c | 1 + 2 files changed, 2 insertions(+) diff --git a/src/check.c b/src/check.c index 35ecf9e..72ee221 100644 --- a/src/check.c +++ b/src/check.c @@ -1555,6 +1555,7 @@ static int proxy_parse_httpcheck(char **args, int section, struct proxy *curpx, chk = LIST_PREV(&rs->rules, typeof(chk), list); if (chk->action != TCPCHK_ACT_SEND || !(chk->send.http.flags & TCPCHK_SND_HTTP_FROM_OPT)) index = chk->index + 1; + chk = NULL; } if (strcmp(args[cur_arg], "connect") == 0) diff --git a/src/tcpcheck.c b/src/tcpcheck.c index a426833..f889dff 100644 --- a/src/tcpcheck.c +++ b/src/tcpcheck.c @@ -3739,6 +3739,7 @@ static int proxy_parse_tcpcheck(char **args, int section, struct proxy *curpx, if (!LIST_ISEMPTY(&rs->rules)) { chk = LIST_PREV(&rs->rules, typeof(chk), list); index = chk->index + 1; + chk = NULL; } cur_arg = 1; -- 1.7.10.4