From: Willy Tarreau <w@1wt.eu>
Date: Fri, 23 Nov 2012 22:53:18 +0000 (+0100)
Subject: BUG/MEDIUM: acl: make prue_acl_expr() correctly free ACL expressions upon exit
X-Git-Tag: v1.5-dev14~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4a6e5c6d69adbd0df9af1dae1a9bce8d42488da1;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: acl: make prue_acl_expr() correctly free ACL expressions upon exit

When leaving, during the deinit() process, prune_acl_expr() is called to
delete all ACL expressions. A bug was introduced with commit 34db1084 that
caused every other expression argument to be skipped, and more annoyingly,
it introduced the risk of scanning past the arg list and crashing or
freezing the old process during a reload.

Credits for finding this issue go to Dmitry Sivachenko who first reported
it, and second did a lot of research to narrow it down to a minimal
configuration.
---

diff --git a/src/acl.c b/src/acl.c
index a10e8aeea9..cba89ab0ef 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1269,7 +1269,6 @@ static struct acl_expr *prune_acl_expr(struct acl_expr *expr)
 			arg->data.str.str = NULL;
 			arg->unresolved = 0;
 		}
-		arg++;
 	}
 
 	if (expr->args != empty_arg_list)