From: Willy Tarreau <w@1wt.eu>
Date: Mon, 16 Dec 2013 09:40:28 +0000 (+0100)
Subject: BUG/MAJOR: patterns: fix double free caused by loading strings from files
X-Git-Tag: v1.5-dev21~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6762a3061ac0d1d8c8860a2191c602a3c526205c;p=thirdparty%2Fhaproxy.git

BUG/MAJOR: patterns: fix double free caused by loading strings from files

A null pointer assignment was missing after a free in commit 7148ce6 (MEDIUM:
pattern: Extract the index process from the pat_parse_*() functions), causing
a double free after loading a file of string patterns.

This bug was introduced in 1.5-dev20, no backport is needed.

Thanks to Sander Klein for reporting this bug and providing the config
needed to trigger it.
---

diff --git a/src/pattern.c b/src/pattern.c
index ce60f7639d..8380c636fe 100644
--- a/src/pattern.c
+++ b/src/pattern.c
@@ -882,6 +882,7 @@ int pattern_register(struct pattern_expr *expr, const char **args,
 
 			/* the "map_parser_str()" function always duplicate string information */
 			free((*pattern)->ptr.str);
+			(*pattern)->ptr.str = NULL;
 
 			/* we pre-set the data pointer to the tree's head so that functions
 			 * which are able to insert in a tree know where to do that.