There remained some cases (on error paths) were a server could be freed
while still attached on the parent proxy server list. In 3.3 this can be
problematic because new_server() automatically adds the server to the
parent proxy list.
The bug is insignificant because it is on errors paths during init and
often haproxy exits right after. But let's fix that to ensure no UAF or
undefined behavior occurs because of that.
This patch depends on ("MINOR: cli: use srv_drop() when server was created using new_server()")
It must be backported in 3.3 with the above mentioned patch.
error:
- list_for_each_entry(child, &proc_list, list)
+ list_for_each_entry(child, &proc_list, list) {
+ srv_detach(child->srv);
srv_drop(child->srv);
+ }
free(msg);
return -1;
free_check(&newsrv->agent);
free_check(&newsrv->check);
MT_LIST_DELETE(&newsrv->global_list);
+ srv_detach(newsrv);
}
srv_drop(newsrv);
return i - srv->tmpl_info.nb_low;
projects / thirdparty / haproxy.git / commitdiff
