From: Willy Tarreau
Date: Fri, 26 Feb 2021 20:19:53 +0000 (+0100)
Subject: CLEANUP: vars: always zero the pointers after a free()
X-Git-Tag: v2.4-dev10~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5b52b0039319aff61360838b83cb7247942646f6;p=thirdparty%2Fhaproxy.git

CLEANUP: vars: always zero the pointers after a free()

In sample_store(), depending on the new sample types, the area pointer was not always zeroed after being freed. Let's make sure it's always the case to avoid the risk of dangling pointers being misused.
---
diff --git a/src/vars.c b/src/vars.c
index 3da4430029..c101c7288f 100644
--- a/src/vars.c
+++ b/src/vars.c
@@ -141,11 +141,11 @@ unsigned int var_clear(struct var *var)
 unsigned int size = 0;
 if (var->data.type == SMP_T_STR || var->data.type == SMP_T_BIN) {
- free(var->data.u.str.area);
+ ha_free(&var->data.u.str.area);
 size += var->data.u.str.data;
 } else if (var->data.type == SMP_T_METH && var->data.u.meth.meth == HTTP_METH_OTHER) {
- free(var->data.u.meth.str.area);
+ ha_free(&var->data.u.meth.str.area);
 size += var->data.u.meth.str.data;
 }
 LIST_DEL(&var->l);
@@ -352,12 +352,12 @@ static int sample_store(struct vars *vars, const char *name, struct sample *smp)
 /* free its used memory. */
 if (var->data.type == SMP_T_STR || var->data.type == SMP_T_BIN) {
- free(var->data.u.str.area);
+ ha_free(&var->data.u.str.area);
 var_accounting_diff(vars, smp->sess, smp->strm, -var->data.u.str.data);
 } else if (var->data.type == SMP_T_METH && var->data.u.meth.meth == HTTP_METH_OTHER) {
- free(var->data.u.meth.str.area);
+ ha_free(&var->data.u.meth.str.area);
 var_accounting_diff(vars, smp->sess, smp->strm, -var->data.u.meth.str.data);
 }
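Review bot: In the sample_store() hunk, both branches now null the area pointer but leave `var->data.type` and the stored length (`u.str.data` / `u.meth.str.data`) as they were, so until the new sample is written the variable still advertises a non-empty string with a NULL area. If any path later in the function can leave before type and length are rewritten (the rest of the body is outside the hunk, so this is unverified), a reader that trusts the length would dereference NULL; adding `var->data.u.str.data = 0;` and `var->data.u.meth.str.data = 0;` after the respective `var_accounting_diff()` calls closes that window. The same pattern appears in the var_clear() hunk, where it matters less if the variable itself is released right after `LIST_DEL(&var->l)`, which is also not visible here. A short comment such as `/* area is NULL from here on; type and length are rewritten below */` would make the invariant explicit.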