From: Willy Tarreau Date: Sun, 10 Feb 2019 17:49:37 +0000 (+0100) Subject: BUG/MAJOR: stream: avoid double free on unique_id X-Git-Tag: v2.0-dev1~44 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=09c4bab41188c13e7a9227f8baaff230ebdd0875;p=thirdparty%2Fhaproxy.git BUG/MAJOR: stream: avoid double free on unique_id Commit 32211a1 ("BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().") addressed a memory leak but in exchange may cause double-free due to the fact that after freeing s->unique_id it doesn't null it and then calls http_end_txn() which frees it again. Thus the process quickly crashes at runtime. This fix must be backported to all stable branches where the aforementioned patch was backported. --- diff --git a/src/stream.c b/src/stream.c index a96ddcb866..df778b156b 100644 --- a/src/stream.c +++ b/src/stream.c @@ -387,6 +387,7 @@ static void stream_free(struct stream *s) } pool_free(pool_head_uniqueid, s->unique_id); + s->unique_id = NULL; hlua_ctx_destroy(s->hlua); s->hlua = NULL;
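Review bot: the added `s->unique_id = NULL;` in stream_free() carries no comment explaining why a field of a stream that is being torn down needs resetting, and the reason is not visible at this spot. Per the commit message, http_end_txn() runs afterwards and frees s->unique_id again, so a short comment above the assignment naming http_end_txn() would keep the line from being dropped later as redundant. The fix also depends on that second free being a no-op when the pointer is NULL, which should be confirmed on each stable branch the backport targets. Since the next lines follow the same free-then-NULL pattern for s->hlua, a small helper that frees s->unique_id and clears it in one step, used at both free sites, would remove the chance of the two call sites drifting apart again.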