From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 6 Feb 2025 14:30:30 +0000 (+0100)
Subject: BUG/MINOR: cli: Fix memory leak on error for _getsocks command
X-Git-Tag: v3.2-dev5~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=372cc696d44e6853b9f7920f1c2d965736029764;p=thirdparty%2Fhaproxy.git

BUG/MINOR: cli: Fix memory leak on error for _getsocks command

Some errors in parse function of _getsocks commands were not properly handled
and immediately returned, leading to a memory leak on cmsgbuf and tmpbuf
buffers.

To fix the issue, instead of immediately return with -1, we jump to "out"
label. Returning 1 intead of -1 in that case is valid.

This was reported by Coverity in #2841: CIDs 1587773 and 1587772.

This patch should be backported as far as 2.4.
---

diff --git a/src/cli.c b/src/cli.c
index cde0cab2b..63d6a3d55 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -2407,7 +2407,7 @@ static int _getsocks(char **args, char *payload, struct appctx *appctx, void *pr
 			iov.iov_len = curoff;
 			if (sendmsg(fd, &msghdr, 0) != curoff) {
 				ha_warning("Failed to transfer sockets\n");
-				return -1;
+				goto out;
 			}
 
 			/* Wait for an ack */
@@ -2417,7 +2417,7 @@ static int _getsocks(char **args, char *payload, struct appctx *appctx, void *pr
 
 			if (ret <= 0) {
 				ha_warning("Unexpected error while transferring sockets\n");
-				return -1;
+				goto out;
 			}
 			curoff = 0;
 			nb_queued = 0;