BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list
authorDragan Dosen <ddosen@haproxy.com>
Tue, 18 Sep 2018 18:18:09 +0000 (20:18 +0200)
committerWilly Tarreau <w@1wt.eu>
Wed, 19 Sep 2018 04:46:51 +0000 (06:46 +0200)
A null pointer assignment was missing after free() in function
pat_ref_reload() which can lead to segfault.

This bug was introduced in commit b5997f7 ("MAJOR: threads/map: Make
acls/maps thread safe").

Must be backported to 1.8.

src/pattern.c

index 261a0b4b1f3699ee39bf6441f4d5615ba81ed1d6..664afc9d41b13be84d5e5e122486877e9abcbce8 100644 (file)
@@ -2067,10 +2067,8 @@ int pat_ref_add(struct pat_ref *ref,
 void pat_ref_reload(struct pat_ref *ref, struct pat_ref *replace)
 {
        struct pattern_expr *expr;
-       char *err = NULL;
        struct pat_ref_elt *elt, *safe;
        struct bref *bref, *back;
-       struct sample_data *data;
        struct pattern pattern;
 
 
@@ -2105,6 +2103,9 @@ void pat_ref_reload(struct pat_ref *ref, struct pat_ref *replace)
        list_for_each_entry(expr, &ref->pat, list) {
                expr->pat_head->prune(expr);
                list_for_each_entry(elt, &ref->head, list) {
+                       char *err = NULL;
+                       struct sample_data *data = NULL;
+
                        /* Create sample */
                        if (elt->sample && expr->pat_head->parse_smp) {
                                /* New sample. */
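Review bot: The `= NULL` initialisers on `err` and `data` at the top of the inner `list_for_each_entry(elt, ...)` body are what stop a pointer released in one iteration from being seen again in the next, but nothing in the code says so. A later cleanup could hoist the declarations back to function scope or drop the initialisers as redundant and silently reintroduce the double free. I would add a comment above them such as `/* reset on every iteration: released on the error paths below, must not carry over */`. The free() calls are outside this hunk, so I am inferring from the commit message that they still leave the pointers dangling; if they do, nulling at the release site as well (`free(err); err = NULL;`) would make the fix independent of declaration scope. pat_ref_reload's body starts and ends outside the hunk.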
@@ -2122,8 +2123,6 @@ void pat_ref_reload(struct pat_ref *ref, struct pat_ref *replace)
                                }
 
                        }
-                       else
-                               data = NULL;
 
                        /* initialise pattern */
                        memset(&pattern, 0, sizeof(pattern));