BUG/MINOR: server: remove some incorrect free() calls on null elements

In commit 6f4bfed3a ("MINOR: server: Add parser support for
set-proxy-v2-tlv-fmt") a few free() calls were made to an element on
error path when it was detected it was NULL. It doesn't have any
effect, however there was one case of use-after-free at the end of
srv_settings_cpy() that was caught by gcc due to attempting to free
the element after freeing its holder.

No backport is needed.

diff --git a/src/server.c b/src/server.c
index 488b6663b4fd0372b02bf29aab0263c16496a65c..6e9e19564e87a1d791346f53b31bd5f8e350c564 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -1372,7 +1372,6 @@ static int srv_parse_set_proxy_v2_tlv_fmt(char **args, int *cur_arg,
        srv_tlv->fmt_string = strdup(args[*cur_arg + 1]);
        if (unlikely(!srv_tlv->fmt_string)) {
                memprintf(err, "'%s' : failed to save format string for parsing", args[*cur_arg]);
-               free(srv_tlv->fmt_string);
                goto fail;
        }
 
@@ -2519,13 +2518,11 @@ void srv_settings_cpy(struct server *srv, const struct server *src, int srv_tmpl
                        break;
                new_srv_tlv = malloc(sizeof(struct srv_pp_tlv_list));
                if (unlikely(!new_srv_tlv)) {
-                       free(new_srv_tlv);
                        break;
                }
                new_srv_tlv->fmt_string = strdup(srv_tlv->fmt_string);
                if (unlikely(!new_srv_tlv->fmt_string)) {
                        free(new_srv_tlv);
-                       free(new_srv_tlv->fmt_string);
                        break;
                }
                new_srv_tlv->type = srv_tlv->type;