git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Fri, 25 Sep 2015 18:24:26 +0000 (20:24 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Fri, 25 Sep 2015 19:16:03 +0000 (21:16 +0200)
commit	958f0742a20ec1bdf6962169dabff20acd47b77b
tree	aa2ef87f25dd38946d53e8cd8c1390064192cba8	tree \| snapshot
parent	5cfa3bcc22708571b674a40f1d9cdfa0657ab33e	commit \| diff

BUG/MEDIUM: stream-int: avoid double-call to applet->release

While the SI_ST_DIS state is set *after* doing the close on a connection,
it was set *before* calling release on an applet. Applets have no internal
flags contrary to connections, so they have no way to detect they were
already released. Because of this it happened that applets were closed
twice, once via si_applet_release() and once via si_release_endpoint() at
the end of a transaction. The CLI applet could perform a double free in
this case, though the situation to cause it is quite hard because it
requires that the applet is stuck on output in states that produce very
few data.

In order to solve this, we now assign the SI_ST_DIS state *after* calling
->release, and we refrain from doing so if the state is already assigned.
This makes applets work much more like connections and definitely avoids
this double release.

In the future it might be worth making applets have their own flags like
connections to carry their own state regardless of the stream interface's
state, especially when dealing with connection reuse.

No backport is needed since this issue was caused by the rearchitecture
in 1.6.

include/proto/stream_interface.h		diff \| blob \| blame \| history
src/stream_interface.c		diff \| blob \| blame \| history